Issue 104: Enforce ssh user names to be unique per account
Status:  Released
Owner:  code-rev...@gtempaccount.com
Closed:  Oct 2012
Reported by code-rev...@gtempaccount.com, Sep 24, 2009
Reported by Shawn Pearce <sop@google.com> on Tue Mar 10 17:44:43 PDT 2009
Source: JIRA GERRIT-104
Affected Version: 2.0.7

Set SSH usernames to be unique per account, and allow users to select their own
user name if the guessed default is already taken.

This fixes a possible MITM attack:

Attacker knows another public key that joe@gmail.com's SSH client will submit
during the SSH authentication (SSH allows you to propose several public keys
in a single packet) but that has not been added by joe@gmail.com to his gerrit
account. This can be done by monitoring the network (requiring an active MITM
attack, since pub keys are sent after), running an SSH server the victim will
connect to or any other means. Attacker adds this key to his account. Next
time joe@gmail.com SSHs to gerrit he may very well be logged in to the
attacker's account.
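As an added illustration of the lookup this issue changes (example code, not Gerrit's own; the account names, key strings and function names are made up): resolving the account by public key alone lets a key the attacker registered select the attacker's account, whereas a lookup scoped by a unique SSH username only honours keys registered to the named account.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    email: str
    ssh_username: str                          # unique per account after the fix
    keys: set = field(default_factory=set)     # SSH public keys registered to it


# Constructed sample data: joe's SSH client offers both "joe-work-key" and
# "joe-personal-key", but only the personal key is registered to his account.
# The attacker has registered joe's work key to his own account.
JOE = Account("joe@gmail.com", "joe", {"joe-personal-key"})
ATTACKER = Account("mallory@example.com", "mallory", {"mallory-key", "joe-work-key"})
ACCOUNTS = [JOE, ATTACKER]
JOES_OFFERED_KEYS = ["joe-work-key", "joe-personal-key"]   # order the client tries them


def resolve_by_key_only(accounts, offered_keys):
    """Pre-fix lookup: the first offered key owned by any account selects that account."""
    for key in offered_keys:
        for acct in accounts:
            if key in acct.keys:
                return acct
    return None


def resolve_by_username(accounts, ssh_username, offered_keys):
    """Post-fix lookup: the SSH username selects exactly one account, and login
    succeeds only with a key registered to that account; keys owned by other
    accounts are ignored, so they cannot redirect the session."""
    matches = [a for a in accounts if a.ssh_username == ssh_username]
    if len(matches) != 1:           # unknown username, or a duplicate that uniqueness should prevent
        return None
    acct = matches[0]
    if any(key in acct.keys for key in offered_keys):
        return acct
    return None


def username_available(accounts, wanted):
    """Uniqueness check applied when a user picks a username: taken names are refused."""
    return not any(a.ssh_username == wanted for a in accounts)
```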
Sep 24, 2009
#1 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Wed Mar 11 07:50:24 PDT 2009

Assuming the MITM is even successful, at worst you are seeing projects that
the attacker can see, rather than projects that you would normally see.  If
the project you are trying to upload into is one that is private to you, that
the attacker can't see, you'll get "project not found" errors, alerting you to
the problem.  If the attacker can see projects that you cannot, then the
attacker has just given you access to information they were supposed to
protect.  Stupid attacker.

If you try to upload changes for review, using the attacker's account, it is
likely to fail, due to the committer email address you have used in your
commit objects not matching an email address registered in the attacker's
account.
Sep 24, 2009
#2 code-rev...@gtempaccount.com
Update by Shawn Pearce <sop@google.com> on Thu Aug 06 17:36:41 PDT 2009

Fixed in version 2.0.18.
Status: Fixed
Sep 24, 2009
#3 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Thu Aug 06 17:36:41 PDT 2009

Fixed by https://review.source.android.com/11060
Sep 24, 2009
#4 code-rev...@gtempaccount.com
Update by Shawn Pearce <sop@google.com> on Sat Aug 15 18:34:57 PDT 2009
Status: New
Sep 24, 2009
#5 code-rev...@gtempaccount.com
Update by Shawn Pearce <sop@google.com> on Sat Aug 15 18:35:09 PDT 2009
Status: Fixed
Sep 25, 2009
#6 code-rev...@gtempaccount.com
(No comment was entered for this change.)
Labels: FixedIn-2.0.18
Oct 25, 2012
#7 sop@google.com
(No comment was entered for this change.)
Status: Released
Blocking: -gerrit:253