[Gnu-arch-users] Possible get/signature verification vulnerability (race
From: Karel Gardas
Subject: [Gnu-arch-users] Possible get/signature verification vulnerability (race-condition)
Date: Sat, 24 Jul 2004 22:44:12 +0200 (CEST)
Hello,
I'm using tla1.2 and during some recent work where I have got MICO's main
archive (now signed) from mico.org to my local host I have noticed this
behaviour:
0) command issued is: tla get address@hidden/mico--main--2.3
1) at first, the archive is traversed and all signatures are verified --
this results in many ``gpg: Signature made...\ngpg: Good signature
from...'' messages
2) after (1), tla found my base-0 revision, downloaded it and unpacked,
i.e. message ``* from import revision: address@hidden/mico--main--2.3--base-0''
is printed.
3) after (2) it normally continues with downloading and applying patches,
messages:
``* patching for revision: address@hidden/mico--main--2.3--patch-1
* patching for revision: address@hidden/mico--main--2.3--patch-2
* patching for revision: address@hidden/mico--main--2.3--patch-3
* patching for revision: address@hidden/mico--main--2.3--patch-4
* patching for revision: address@hidden/mico--main--2.3--patch-5
* patching for revision: address@hidden/mico--main--2.3--patch-6
.............''
are printed.
The problem is: when an attacker modifies a patch file in the archive between
the time when the patch file is verified and the time it is actually
downloaded, it will succeed and I will end up with a "corrupted" source tree.
I would like to ask if my analysis of tla behaviour is correct, since I
have just guessed it from the output and from watching a network graph
monitor, but haven't looked into the sources for a proof of it.
Thanks,
Karel
--
Karel Gardas address@hidden
ObjectSecurity Ltd. http://www.objectsecurity.com
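
The verify-then-download sequence described in the message, next to a variant that verifies the exact bytes it applies, as an added example (not tla's code and not part of the original post). The in-memory archive, the HMAC standing in for a GPG signature, and the `between` hook that changes a file mid-run are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's GPG key

def sign(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify(data, sig):
    return hmac.compare_digest(sign(data), sig)

class Archive:
    """Constructed in-memory archive: patch files plus detached signatures."""
    def __init__(self, patches):
        self.files = dict(patches)
        self.sigs = {name: sign(data) for name, data in patches.items()}

    def fetch(self, name):
        return self.files[name]

def get_two_pass(archive, names, between=lambda: None):
    """Verify every patch first, then fetch each one again to apply it."""
    for name in names:
        if not verify(archive.fetch(name), archive.sigs[name]):
            raise ValueError("bad signature: " + name)
    between()  # the archive can change here; nothing re-checks afterwards
    return [archive.fetch(name) for name in names]

def get_verify_on_use(archive, names, between=lambda: None):
    """Fetch each patch once and verify the exact bytes that get applied."""
    between()
    applied = []
    for name in names:
        data = archive.fetch(name)
        if not verify(data, archive.sigs[name]):
            raise ValueError("bad signature: " + name)
        applied.append(data)
    return applied

def demo(getter):
    """Run `getter` on a constructed archive whose patch-2 changes mid-run."""
    archive = Archive({"patch-1": b"fix typo\n", "patch-2": b"add feature\n"})
    def change():
        archive.files["patch-2"] = b"changed after check\n"
    return getter(archive, ["patch-1", "patch-2"], change)
```

`demo(get_two_pass)` returns the changed bytes without complaint, while `demo(get_verify_on_use)` raises `ValueError` for patch-2.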