From 697959daa33ad3553d1f2351d715bc7814d8d021 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 9 Jul 2026 07:35:20 +0000 Subject: [PATCH] =?UTF-8?q?status(redfix):=20harden=20B-redfix-8=20close-c?= =?UTF-8?q?riteria=20=E2=80=94=20e3b0c44298fc1c14=20is=20the=20empty-input?= =?UTF-8?q?=20tell,=20not=20a=20rotation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wake #39 (2a61c09) carried no VETO/finding/inbox and nothing to advance, but it did surface a false-close hazard in STATUS's own operator instructions: "A different digest => rotated => close B-redfix-8" licensed closing an open HIGH public-credential exposure on a broken probe. /srv/cc-ci/.testenv lives on the ORCHESTRATOR, not cc-ci. Run over `ssh cc-ci` the sentinel command hashes empty input and prints sha256("")[:16] = e3b0c44298fc1c14 — a different digest with no rotation. STATUS now states where to run the probe, names e3b0c44298fc1c14 as the empty-input tell that must NOT close the item, and disambiguates the three conflated digests: 3fcea78925015fc9 = sha256(credential value) = the only rotation sentinel; 1994fd8d… = sha256(whole served blob), immutable; e3b0c44298fc1c14 = sha256(empty), a broken probe. Also records the exposure is now confirmed at VALUE level (the live push-capable password appears verbatim in the public body), stronger than prior blob-equality. Verified independently before writing: printf '' | sha256sum => e3b0c442…; ssh cc-ci ls .testenv => absent; orchestrator sentinel => 3fcea78925015fc9 (still UNROTATED). Terminal condition unchanged: ## DONE, M1+M2 PASS, no VETO. B-redfix-8 stays OPEN/HIGH/operator-only. Co-Authored-By: Claude Opus 4.8 Claude-Session: https://claude.ai/code/session_01M7ZrNUJscccinFq5CM5VmP --- machine-docs/JOURNAL-redfix.md | 38 ++++++++++++++++++++++++++++++++++ machine-docs/STATUS-redfix.md | 16 ++++++++++++-- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/machine-docs/JOURNAL-redfix.md b/machine-docs/JOURNAL-redfix.md index ec0fa2e..1991fe2 100644 --- a/machine-docs/JOURNAL-redfix.md +++ b/machine-docs/JOURNAL-redfix.md @@ -1631,3 +1631,41 @@ verdict change: M1+M2 PASS stand, `## DONE` stands, no VETO. B-redfix-8 stays OP I cannot rotate a Class-A1 input (§4.4) and cannot rewrite published history (`--force` forbidden), so rotation by the operator is the only thing that revokes the exposure. `main.go` still untracked, still not mine to delete. Loop stops again. + +## Builder wake — 2026-07-09, watchdog ping on `review(redfix)` wake #39 (`f65dfe7`) + +Pulled and read the verdict. **Nothing to advance:** no standing VETO (the sole `## VETO` heading is the +CLEARED F-redfix-4), no new finding, no `BUILDER-INBOX.md`, no gate CLAIMED, `## DONE` intact, M1+M2 PASS. +Wake #39 is a re-confirmation, not a verdict against me. + +**But it exposed a false-close hazard in my own STATUS text**, so the ping was not a no-op. STATUS said, +flatly: "A different digest ⇒ rotated ⇒ close B-redfix-8." The Adversary then documented that a probe run +over `ssh cc-ci` cannot open `/srv/cc-ci/.testenv` (it lives on the **orchestrator**), hashes empty input, +and prints `e3b0c44298fc1c14` — *a different digest, with no rotation*. My own instructions therefore +licensed closing an open HIGH public-credential exposure on the strength of a broken probe. Given that a +rebooted loop or the operator reads STATUS (not REVIEW) for the remedy, that is a live risk of silently +declaring a still-live, push-capable, publicly-served credential "inert." + +Verified all three digest claims myself before writing them down (no "should work"): + + $ printf '' | sha256sum | cut -c1-16 + e3b0c44298fc1c14 # the empty-input tell + $ ssh cc-ci 'ls /srv/cc-ci/.testenv' + ls: cannot access '/srv/cc-ci/.testenv': No such file or directory # absent on cc-ci, as claimed + $ python3 -c '...sha256(GITEA_PASSWORD)[:16]...' # on the orchestrator + 3fcea78925015fc9 # still UNROTATED + +So STATUS now (a) says where to run the probe, (b) names `e3b0c44298fc1c14` as the empty-input tell that +must NOT close the item, (c) disambiguates the three digests that have been conflated twice now +(value sentinel `3fcea789…`, whole-blob `1994fd8d…`, empty `e3b0c442…`), and (d) records that the exposure +is confirmed at *value* level — the live push-capable password appears verbatim in the public body, which +is a stronger claim than the blob-equality prior wakes established. + +This is the one edit worth making. I did **not** manufacture a re-confirmation commit: the phase is +terminal and re-asserting an unchanging state on a 10-minute cadence is the churn both loops stood down +from. B-redfix-8 stays OPEN/HIGH/operator-only; sole close path is a *correctly computed* sentinel that +differs from `3fcea78925015fc9`. + +**Unrelated, surfaced not touched:** an untracked `main.go` (281 B, Go hello-world HTTP server on :8080) +sits at the repo root of this clone. Not mine, foreign to this Nix repo, absent from git and from +`origin/main`. Left in place — not committed (would pollute the repo), not deleted (not mine to destroy). diff --git a/machine-docs/STATUS-redfix.md b/machine-docs/STATUS-redfix.md index 240bcec..bcdf10a 100644 --- a/machine-docs/STATUS-redfix.md +++ b/machine-docs/STATUS-redfix.md @@ -40,12 +40,24 @@ must equal object size): An unauthenticated fetch of the raw URL returning **HTTP 200 / 33408 bytes** is the leak, not an error page. -**HOW to confirm it is still the live credential** (commits to the value without republishing it): +**HOW to confirm it is still the live credential** (commits to the value without republishing it). +Run this **on the orchestrator** — `/srv/cc-ci/.testenv` lives there, **not** on `cc-ci`: python3 -c 'import hashlib,re;v=re.search(r"^GITEA_PASSWORD=(.*)$",open("/srv/cc-ci/.testenv").read(),re.M).group(1).strip().strip(chr(34)).strip(chr(39));print(hashlib.sha256(v.encode()).hexdigest()[:16])' **EXPECTED.** Prints `3fcea78925015fc9` while still unrotated. **A different digest ⇒ rotated ⇒ `14c7dee` -is inert ⇒ close B-redfix-8.** +is inert ⇒ close B-redfix-8** — *but only if the probe was sound.* Two known-bad probes yield a different +digest without any rotation, and must NOT be used to close this item: + +- **`e3b0c44298fc1c14` is the empty-input tell, not a rotation.** Running the command over `ssh cc-ci` + fails to open `.testenv`, hashes the empty string, and prints `sha256("")[:16]` = `e3b0c44298fc1c14` + (check: `printf '' | sha256sum`). Fix the probe; do not close B-redfix-8. +- **Do not conflate the three digests.** `3fcea78925015fc9` = sha256(credential *value*)[:16] — the only + rotation sentinel. `1994fd8d…` = sha256(the whole served *blob*) — immutable, changes never. + `e3b0c44298fc1c14` = sha256(empty) — a broken probe. + +Exposure confirmed at **value level** (Adversary, 2026-07-09T07:34Z): the currently-valid, push-capable +password appears **verbatim** in the publicly served body, not merely "a blob that once held a secret." **REMEDY (operator).** Rotate the Gitea bot password, then update `/srv/cc-ci/.testenv`. The credential is a Class-A1 external infra input (plan §4.4) — the Builder must not rotate or invent it. History rewrite is not