近日,开源社区爆出惊人消息,指出在GitHub上删除的内容、私有存储库的数据均可以永久访问,且这一功能是官方有意设计的。这一发现迅速引起了广泛关注,尤其在开发者和安全专家群体中。开源安全软件公司Truffle Security在其博客中详细介绍了这一问题,并引入了新术语“CFOR(Cross Fork Object Reference)”,用于描述这一漏洞。
CFOR漏洞发生在当一个存储库fork可以访问另一个fork中的敏感数据时,包括来自私有和已删除fork的数据。在CFOR中,用户仅需提供提交(commit)哈希值就能直接访问提交数据,而通常情况下这些数据是不可见的。这一发现揭示了GitHub在数据管理和访问控制上的潜在安全风险。
### 具体工作流程示例:
1. **工作流程1**:开发者在GitHub上fork一个公共存储库,提交代码后删除自己的fork存储库。然而,提交给fork的代码仍然可以被访问,这违背了通常的预期。
2. **工作流程2**:开发者在GitHub上有一个公共存储库,用户fork该存储库后,开发者在其fork后提交数据,用户不与更新同步,开发者随后删除整个存储库。在这种情况下,用户fork的存储库中开发者提交的代码依然可访问。
3. **工作流程3**:开发者创建一个最终将公开的私有存储库,为不打算公开的特征创建一个私有内部版本(通过fork),并为这些额外的代码提交。当存储库公开后,私有特征和相关代码则可供公众查看。
### 解释与影响:
GitHub的存储库网络结构导致了上述问题的出现。当一个公共存储库被删除后,GitHub会将根节点角色重新分配给下游fork存储库之一。尽管原始存储库被删除,但来自该存储库的所有提交仍然存在,并可以通过任何fork存储库访问。这使得敏感数据暴露在公共视野中,增加了数据泄露的风险。
### 解决策略:
尽管GitHub的这一设计有其初衷,但其潜在的安全风险不容忽视。开发者和机构应采取更严格的访问控制策略,避免敏感数据意外公开。此外,使用更强大的加密技术和定期安全审计也是应对这一问题的重要手段。GitHub官方对此问题的确认和解释,为开发者提供了更清晰的认识,促使社区共同寻找更安全的解决方案。
### 结论:
这一发现提醒了开源社区在使用GitHub等平台进行代码管理时,需对数据安全保持高度警觉。通过加强数据访问控制、加密措施以及定期的安全审核,可以有效减少类似风险的发生,保护开发者和机构的敏感信息不被不当访问。
英语如下:
### GitHub Confirms Major Security Risk: Deleted Content and Private Data Permanently Accessible
A shocking revelation in the open-source community has come to light, pointing out that deleted content and private repository data on GitHub can be permanently accessed, a feature that the platform intentionally designed. This discovery has sparked significant attention, particularly among developers and cybersecurity experts.
Truffle Security, an open-source security software company, detailed this issue in their blog, introducing a new term, “CFOR (Cross Fork Object Reference),” to describe this vulnerability. CFOR occurs when a repository’s fork has access to sensitive data from another fork, including data from private and deleted forks. In a CFOR scenario, users can directly access commit data using the commit hash, data that is typically inaccessible.
This discovery highlights potential security risks in GitHub’s data management and access control systems. The workflow examples provided illustrate how this vulnerability can be exploited:
1. **Workflow 1**: A developer forks a public repository on GitHub, commits code, then deletes their fork repository. However, the code committed to the fork remains accessible, contradicting usual expectations.
2. **Workflow 2**: A developer has a public repository on GitHub. Users fork the repository, and the developer commits data to their fork after the user stops syncing updates. The developer then deletes the entire repository. In this case, the user’s fork still contains the developer’s commit code.
3. **Workflow 3**: A developer creates a private repository that will eventually be made public, for features not intended for public release, creates a private internal version (via a fork), and commits additional code. After the repository is made public, the private features and related code become accessible to the public.
### Explanation and Impact:
The structure of GitHub’s repository network leads to this problem. When a public repository is deleted, GitHub reassigns the root node role to one of the downstream fork repositories. Even after the original repository is deleted, all its commits remain and can be accessed through any fork repository. This exposes sensitive data to public view, increasing the risk of data leaks.
### Mitigation Strategies:
Although GitHub’s design has its intended purposes, the potential security risks it presents cannot be overlooked. Developers and organizations should implement stricter access control policies to prevent sensitive data from being accidentally exposed. Employing stronger encryption technologies and conducting regular security audits are also crucial measures to address this issue. GitHub’s acknowledgment and explanation of this problem provide developers with clearer insights, encouraging the community to seek safer solutions together.
### Conclusion:
This discovery serves as a reminder for the open-source community to remain vigilant about data security when managing code on platforms like GitHub. By strengthening data access controls, encryption measures, and conducting regular security audits, the risk of similar incidents can be significantly reduced, ensuring that sensitive information is not improperly accessed.
【来源】https://www.jiqizhixin.com/articles/2024-07-29-3
Views: 1