Signing snapshots

Robert Collins robertc at robertcollins.net
Tue Jun 21 12:42:03 BST 2005


On Tue, 2005-06-21 at 07:00 -0400, Aaron Bentley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi all,
> 
> Part of the plan for signing in bzr was to sign the snapshot, not the
> data generated from it (i.e. the revision store gzips or whatever).
> 
> In #arch, Andrew Suffield has listed a couple of reasons why he thinks
> this is a terrible idea.
> 
> 00:29 < abentley> asuffield: let's say as a straw-man, we took an
>                   inventory of the tree, with SHA-1 sums, sorted that
> 		  inventory in a rigorously defined way, and signed it. 			   What
> kind of holes would you expect to find?
> 00:30 < asuffield> abentley: I would expect to find DoS attacks against
> 		   the inventory process and ways to slip files past it
> 		   which never appear in the inventory, and that's
> 		   without even thinking about it
> 00:31 < asuffield> I would also expect to find implementation bugs that
> 		   were exploitable, probably suitable for remote
> 		   arbitrary code execution
> 
> He also pointed out that there have been exploits against gzip in the
> past, that that, in his estimate neither tar nor gzip can be considered
> secure.  Good thing we don't use tar, I guess :-)
> 
> Anyhow, I thought that these issues were worth discussing.

I think they are worth discussing... but I'm not sure how relevant they
really are. Lets assume you only process data after checking it has some
valid signature on it. You can't check *whose* signature until you know
who claimed to write the revision. So you can either process the
revision, then check the sig and enforce policy, or check the sig is
valid, process the revision and then enforce policy. Andrews argument is
that one should only process data once you know it has a good sig. So as
an attacker A can generate a good sig from their 'I am attacking key',
put that on top of data that attacks libdiff/revfile/tar/gzip -
whatever.

You are equally screwed.

Rob


-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20050621/201ffc92/attachment.pgp 


More information about the bazaar mailing list