Diffstat (limited to 'Remote/Helper/Special.hs')
-rw-r--r-- | Remote/Helper/Special.hs | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Remote/Helper/Special.hs b/Remote/Helper/Special.hs
index 73486442b8..883dcc9cb1 100644
--- a/Remote/Helper/Special.hs
+++ b/Remote/Helper/Special.hs
@@ -162,6 +162,14 @@ specialRemote' cfg c preparestorer prepareretriever prepareremover preparecheckp
 (retrieveKeyFileCheap baser k f d)
 -- retrieval of encrypted keys is never cheap
 (\_ -> return False)
+ -- When encryption is used, the remote could provide
+ -- some other content encrypted by the user, and trick
+ -- git-annex into decrypting it, leaking the decryption
+ -- into the git-annex repository. Verifiable keys
+ -- are the main protection against this attack.
+ , retrievalSecurityPolicy = if isencrypted
+ then RetrievalVerifiableKeysSecure
+ else retrievalSecurityPolicy baser
 , removeKey = \k -> cip >>= removeKeyGen k
 , checkPresent = \k -> cip >>= checkPresentGen k
 , cost = if isencrypted |
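Review bot: The new `retrievalSecurityPolicy` field discards the base remote's policy whenever `isencrypted` is true, and the comment does not say that this override is deliberate or that it relies on `RetrievalVerifiableKeysSecure` being at least as strict as anything `baser` could return. If the policy type ever gains a stricter value, this branch would silently relax it, so I would add a line such as `-- Overrides the base remote's policy on purpose; assumes no policy is stricter than verifiable keys.` The comment's "leaking the decryption" would also read more clearly as "leaking the decrypted content". `isencrypted` is defined outside this hunk, as is the rest of `specialRemote'`, so whether it covers every encryption mode cannot be confirmed from here.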