[Bug 1013128] Re: gpg key shadowing

Launchpad Bug Tracker 1013128 at bugs.launchpad.net
Fri Jun 15 02:38:25 UTC 2012


This bug was fixed in the package apt - 0.7.25.3ubuntu9.12

---------------
apt (0.7.25.3ubuntu9.12) lucid-security; urgency=low

  * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
    Marc Deslauriers. (LP: #1013128)
 -- Jamie Strandboge <jamie at ubuntu.com>   Thu, 14 Jun 2012 10:57:16 -0500

** Changed in: apt (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1013128

Title:
  gpg key shadowing

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Lucid:
  Fix Released
Status in “apt” source package in Natty:
  Fix Released
Status in “apt” source package in Oneiric:
  Fix Released
Status in “apt” source package in Precise:
  Fix Released
Status in “apt” source package in Quantal:
  Fix Released
Status in “apt” source package in Hardy:
  Fix Released

Bug description:
  Georgi Guninski reported on http://seclists.org/fulldisclosure/2012/Jun/267 (slightly modified for language):
  "While wasting my time with apt-key, I noticed strange behaviour with
  colliding subkeys.

  Out of paranoia Ubuntu disallows importing certain trusted keyids.
  This is trivial to circumvent by making a collision with a subkey.

  Attached is a key with subkey keyid colliding with
  Ubuntu Archive Master Signing Key <ftpmaster () ubuntu com>.

  By emulating apt-key netupdate, I noticed that the order of the keyrings
  is important. If the master keyring is first, the colliding key with the
  correct signature fails validation (probably because the other key is used).
  If the colliding keyring is first, everything is ok (modulo reporting the wrong
  signer).

  Probably this may lead to gpg abuse.

  colliding first:

  $gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --keyring /tmp/sec1 --keyring /usr/share/keyrings/ubuntu-master-keyring.gpg  --check-sigs
  /tmp/sec1
  ---------
  pub   1024R/76A4410F 2012-06-13
  uid                  f...31 (f) <f () f>
  sig!3        76A4410F 2012-06-13  f...31 (f) <f () f>
  sig!         3F272F5B 2012-06-13  f...31 (f) <f () f>
  sig!         3F272F5B 2012-06-13  f...31 (f) <f () f>
  sub   1024R/2376C859 2012-06-13
  sig!         76A4410F 2012-06-13  f...31 (f) <f () f>
  sub   2180R/3F272F5B 2012-06-13
  sig!         76A4410F 2012-06-13  f...31 (f) <f () f>

  /usr/share/keyrings/ubuntu-master-keyring.gpg
  ---------------------------------------------
  pub   4096R/3F272F5B 2007-11-09
  uid                  Ubuntu Archive Master Signing Key <ftpmaster () ubuntu com>
  sig!3        3F272F5B 2007-11-09  f...31 (f) <f () f> #wrong

  1 signature not checked due to a missing key

  master first:

  $gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --keyring /usr/share/keyrings/ubuntu-master-keyring.gpg  --keyring /tmp/sec1  --check-sigs
  /usr/share/keyrings/ubuntu-master-keyring.gpg
  ---------------------------------------------
  pub   4096R/3F272F5B 2007-11-09
  uid                  Ubuntu Archive Master Signing Key <ftpmaster () ubuntu com>
  sig!3        3F272F5B 2007-11-09  Ubuntu Archive Master Signing Key <ftpmaster () ubuntu com>

  /tmp/sec1
  ---------
  pub   1024R/76A4410F 2012-06-13
  uid                  f...31 (f) <f () f>
  sig!3        76A4410F 2012-06-13  [User ID not found]
  sig-         3F272F5B 2012-06-13  Ubuntu Archive Master Signing Key <ftpmaster () ubuntu com> # wrong, signer is a subkey of f () f
  sig-         3F272F5B 2012-06-13  Ubuntu Archive Master Signing Key <ftpmaster () ubuntu com> # wrong, signer is a subkey of f () f
  sub   1024R/2376C859 2012-06-13
  sig!         76A4410F 2012-06-13  [User ID not found]
  sub   2180R/3F272F5B 2012-06-13
  sig!         76A4410F 2012-06-13  [User ID not found]

  2 bad signatures
  1 signature not checked due to a missing key"
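The fix in this release extends apt-key's key-ID check to subkeys. The script below is an added example of that kind of check, written for this page rather than taken from apt or apt-key: it parses the colon-separated record format of `gpg --with-colons --list-keys` and reports any primary key or subkey in a keyring about to be imported whose key ID matches a key in the trusted keyring. The sample records are constructed; the 16-hex-digit long key IDs are placeholders whose last 8 digits are the short IDs quoted in the report, and the user IDs are likewise illustrative.

```python
"""Key-ID collision check for a keyring about to be imported.

Added example, not apt-key's own code. It parses the machine-readable
record format of `gpg --with-colons --list-keys` and reports any primary
key or subkey in a candidate keyring whose key ID matches a key ID in the
trusted keyring. The sample records below are constructed: the
16-hex-digit long IDs are placeholders whose last 8 digits are the short
IDs from the bug report.
"""

from typing import Dict, List, Optional, Tuple

# Constructed sample: the trusted keyring, one primary key (placeholder long ID).
TRUSTED_KEYRING = """\
pub:-:4096:1:AAAAAAAA3F272F5B:2007-11-09:::-:Ubuntu Archive Master Signing Key <ftpmaster@ubuntu.com>::scESC:
"""

# Constructed sample: a candidate keyring whose second subkey carries the
# same short ID as the trusted primary key (the shadowing case from the report).
CANDIDATE_KEYRING = """\
pub:-:1024:1:BBBBBBBB76A4410F:2012-06-13:::-:f...31 (f) <f@f>::scESC:
sub:-:1024:1:CCCCCCCC2376C859:2012-06-13::::::e:
sub:-:2180:1:DDDDDDDD3F272F5B:2012-06-13::::::s:
"""

# (record type, long key ID, long ID of the primary key it belongs to)
KeyRecord = Tuple[str, str, str]


def parse_key_records(colon_output: str) -> List[KeyRecord]:
    """Extract pub/sub records from --with-colons output.

    Field 1 is the record type and field 5 the key ID; uid, fpr and other
    records are skipped. Each subkey is attributed to the most recent pub.
    """
    records: List[KeyRecord] = []
    primary: Optional[str] = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        rtype, keyid = fields[0], fields[4].upper()
        if rtype == "pub":
            primary = keyid
            records.append(("pub", keyid, keyid))
        elif rtype == "sub" and primary is not None:
            records.append(("sub", keyid, primary))
    return records


def find_collisions(candidate: str, trusted: str,
                    include_subkeys: bool = True) -> List[Tuple[str, str, str]]:
    """Return (record_type, candidate_id, trusted_id) for every collision.

    With include_subkeys=False only candidate primary keys are compared,
    which is the check the report defeats; with True (the default) the
    candidate's subkeys are compared as well. Comparison is on the
    8-hex-digit short ID, so a full long-ID match is caught too, and the
    trusted side always includes its own subkeys.
    """
    trusted_by_short: Dict[str, str] = {}
    for _rtype, keyid, _owner in parse_key_records(trusted):
        trusted_by_short[keyid[-8:]] = keyid
    collisions: List[Tuple[str, str, str]] = []
    for rtype, keyid, _owner in parse_key_records(candidate):
        if rtype == "sub" and not include_subkeys:
            continue
        match = trusted_by_short.get(keyid[-8:])
        if match is not None:
            collisions.append((rtype, keyid, match))
    return collisions


def safe_to_import(candidate: str, trusted: str) -> bool:
    """True only if no candidate key or subkey collides with a trusted key."""
    return not find_collisions(candidate, trusted, include_subkeys=True)


if __name__ == "__main__":
    print("primary keys only:", find_collisions(CANDIDATE_KEYRING, TRUSTED_KEYRING, False))
    print("including subkeys:", find_collisions(CANDIDATE_KEYRING, TRUSTED_KEYRING))
    print("safe to import:", safe_to_import(CANDIDATE_KEYRING, TRUSTED_KEYRING))
```

Run with only primary keys compared, the candidate passes, which is the gap the report exploits; with subkeys included, the 3F272F5B subkey is flagged and the import is refused. Because the check compares IDs listed from each keyring separately, before anything is imported, it does not depend on the keyring order that the report shows gpg's signature resolution to be sensitive to.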

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128/+subscriptions