gnu-arch-users

Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE


From: Geert Stappers
Subject: Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE
Date: Wed, 21 Jan 2004 00:22:09 +0100
User-agent: Mutt/1.2.5i

On Tue, Jan 20, 2004 at 11:18:34AM -0800, Tom Lord wrote:
> 
> 
> Oh, this just blows.
> 
> So, a checksum file produced with gpg signing looks something like this:
> 
>   -----BEGIN PGP SIGNED MESSAGE-----
>   Hash: SHA1
> 
>   Signature-for: address@hidden/tla--devo--1.2--patch-42
>   md5 log 125cdb8180b8c02741531aa2b2b547ca
>   md5 tla--devo--1.2--patch-42.patches.tar.gz b49b6cc662454ca8ffa91269be75a4f4
>   -----BEGIN PGP SIGNATURE-----
>   Version: GnuPG v1.2.2 (FreeBSD)
> 
>   iD8DBQE/76rkYiL4ten68SkRAsswAKCSGWt5ujzBqwYGIU0u51n1SUlRygCfWdui
>   NzrkjNvPg0iDaMbuDUcGrYk=
>   =NDB+
>   -----END PGP SIGNATURE-----
> 
> However, gpg --verify-files will quite happily report a good signature
> for a file that looks like this:
> 
>   Signature-for: address@hidden/tla--devo--1.2--patch-42
>   md5 log completely-bogus-checksum
>   md5 tla--devo--1.2--patch-42.patches.tar.gz completely-bogus-checksum
>   -----BEGIN PGP SIGNED MESSAGE-----
>   Hash: SHA1
> 
>   Signature-for: address@hidden/tla--devo--1.2--patch-42
>   md5 log 125cdb8180b8c02741531aa2b2b547ca
>   md5 tla--devo--1.2--patch-42.patches.tar.gz b49b6cc662454ca8ffa91269be75a4f4
>   -----BEGIN PGP SIGNATURE-----
>   Version: GnuPG v1.2.2 (FreeBSD)
> 
>   iD8DBQE/76rkYiL4ten68SkRAsswAKCSGWt5ujzBqwYGIU0u51n1SUlRygCfWdui
>   NzrkjNvPg0iDaMbuDUcGrYk=
>   =NDB+
>   -----END PGP SIGNATURE-----
> 
> which is, of course, a security problem.
> 
> .check files in ~/.arch-params/signing need to be revised.
> 
> Anyone care to suggest the best revision?
> 
> (Sorry to reveal an exploit so plainly but it seemed to me that this
> was the best way to handle it at this stage since pre0 was announced
> with the caveat "please help us review these new features".)

sed -ne '/-----BEGIN PGP SIGNED MESSAGE-----/,/-----END PGP SIGNATURE-----/p' | 
gpg --verify

> 
> (Incidentally, I don't want to have tla itself scan for the "PGP
> SIGNED MESSAGE" line because I don't want tla to depend on using
> pgp-family tools for signing.)

case "$signing_family" in
  pgp)
    gpg --whatever      # placeholder for the pgp-family verification command
  ;;
  other)
    other --whatever    # placeholder for a non-pgp signing tool
  ;;
esac

> 
> -t

GSt
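The sed pipeline above keeps only the armored block before handing it to gpg. As an added example (not code from this thread or from tla), the following Python applies the same rule when reading a .check file: in strict mode it rejects any text outside the clearsigned block, which is exactly the unsigned prefix Tom's second file carries; in lenient mode it behaves like the sed line and just drops that prefix. The function names and the sample file (with a placeholder signature) are constructed here.

```python
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"


class CheckFileError(ValueError):
    """Raised when a .check file has no, or not only, a clearsigned block."""


def split_clearsigned(text, strict=True):
    """Return (signed_body, armored_block) from a clearsigned .check file.

    strict=True rejects non-blank text outside the armor (the unsigned prefix
    from the post). strict=False mirrors the sed one-liner: it silently keeps
    only the armored block, which is what should then be fed to gpg.
    """
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN)
        sig = lines.index(SIG_BEGIN, start)
        end = lines.index(SIG_END, sig)
    except ValueError:
        raise CheckFileError("no complete clearsigned block") from None
    if strict and any(l.strip() for l in lines[:start] + lines[end + 1:]):
        raise CheckFileError("unsigned text outside the clearsigned block")
    body_start = start + 1          # armor headers ("Hash: SHA1") end at a blank line
    while body_start < sig and lines[body_start].strip():
        body_start += 1
    # Undo clearsign dash-escaping ("- -foo" -> "-foo") inside the body.
    body = [l[2:] if l.startswith("- ") else l for l in lines[body_start + 1:sig]]
    return "\n".join(body), "\n".join(lines[start:end + 1])


def parse_checksums(signed_body):
    """Map file name -> md5 hex, read only from the signed body."""
    sums = {}
    for line in signed_body.splitlines():
        m = re.fullmatch(r"md5 (\S+) ([0-9a-f]{32})", line.strip())
        if m:
            sums[m.group(1)] = m.group(2)
    return sums


# Constructed sample: the signed block from the post (placeholder signature),
# and the same block with the unsigned bogus lines prepended.
SIGNED = "\n".join([BEGIN, "Hash: SHA1", "",
    "Signature-for: address@hidden/tla--devo--1.2--patch-42",
    "md5 log 125cdb8180b8c02741531aa2b2b547ca",
    "md5 tla--devo--1.2--patch-42.patches.tar.gz b49b6cc662454ca8ffa91269be75a4f4",
    SIG_BEGIN, "Version: GnuPG v1.2.2 (FreeBSD)", "", "placeholder-signature-data", SIG_END])
TAMPERED = "\n".join(["Signature-for: address@hidden/tla--devo--1.2--patch-42",
    "md5 log completely-bogus-checksum",
    "md5 tla--devo--1.2--patch-42.patches.tar.gz completely-bogus-checksum", SIGNED])
```

The checksums used for comparison must come from the body gpg actually verified, never from lines parsed before the armor starts.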
