[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] Detached signatures for source files
|
From: |
Brian Gough |
|
Subject: |
Re: [Savannah-hackers] Detached signatures for source files |
|
Date: |
Mon, 27 Sep 2004 12:04:58 +0100 |
Laurence Finston writes:
> Nor do I have any idea what a metadata attack is.
Replacing a file with a correctly-signed old version containing an
exploitable bug, or version from a different branch, or replacing a
file with a signed file with a different filename. It is relatively
easy to move versions around inside the RCS file or change branch tags
to reintroduce security holes.
To protect against this it is necessary to include metadata such as
the version number, tag and hash of the prior version in the signature
so that there is an audit trail from one version to the next. One way
is to use the --set-notation option in GPG to add this information.
If you are signing tar.gz files then it's less of an issue since they
would have the version number embedded in the tarfile directory name.
--
Brian Gough
Network Theory Ltd,
Publishing Free Software Manuals --- http://www.network-theory.co.uk/