
Re: Bug#170069: ITP: grunt -- Secure remote execution via UUCP or e-mail using GPG

On Thu, Nov 21, 2002 at 08:36:37PM +0100, Alexander Neumann wrote:
> John Goerzen wrote:
> >  GRUNT is a tool to let you execute commands remotely, offline.
> >  It will also let you copy files to a remote machine.
> How did you solve the problem of re-sending such mails? Say, Joe Evil
> Cracker is able to catch a command mail containing "halt". Will he be
> able to shut down my machine every time he wants?

Each message has its "payload" and its header information (what command to
run, what file is being copied, etc.) GPG-signed.  (The two are combined
together to a single file, which is GPG signed as a whole.)

This header information includes, among other things:
 1. Date & time the file was prepared
 2. pid that created the file
 3. 2048 bits of random data

After verifying the signature on the data, the receiver does some sanity
checks.  One of the checks is doing an md5sum over the entire file
(remember, this includes both the headers and the payload).  If it
has seen the same md5sum in the last 60 days, it rejects the request.  If
the date of the request was more than 30 days ago, it rejects the request.

Therefore, the sender is able to reissue the "halt" command legitimately as
often as he/she wants, since the random bits & time will ensure different
md5sums on the recipient.  But replay attacks will be useless since the
recipient will have seen the request already, and will reject it.

-- John
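
The receiver-side checks described in the message above, as an added example that is not part of the original post and is not GRUNT's own code. The `date=`/`pid=`/`random=` header layout and all function and class names are assumptions made for illustration, and GPG signature verification is assumed to have already succeeded before `check` is called.

```python
import hashlib
import os

DAY = 86400
MAX_AGE = 30 * DAY    # reject requests prepared more than 30 days ago
REMEMBER = 60 * DAY   # remember md5sums of accepted requests for 60 days


def build_message(payload: bytes, now: int) -> bytes:
    """Constructed stand-in for the signed file (hypothetical header layout)."""
    header = b"date=%d\npid=%d\nrandom=%s\n\n" % (
        now, os.getpid(), os.urandom(256).hex().encode())  # 2048 random bits
    return header + payload


def prepared_at(message: bytes) -> int:
    """Read the preparation time from the hypothetical 'date=' first line."""
    first_line = message.split(b"\n", 1)[0]
    return int(first_line.split(b"=", 1)[1])


class ReplayGuard:
    def __init__(self):
        self.seen = {}  # md5 hex digest -> time the request was accepted

    def check(self, message: bytes, now: int) -> str:
        """Run only on data whose GPG signature has already verified."""
        # Drop digests that have aged out of the 60-day memory.
        self.seen = {d: t for d, t in self.seen.items()
                     if now - t <= REMEMBER}
        # The digest covers headers and payload together, so the random
        # bits and timestamp make every legitimately reissued command unique.
        digest = hashlib.md5(message).hexdigest()
        if digest in self.seen:
            return "reject: already seen"
        if now - prepared_at(message) > MAX_AGE:
            return "reject: too old"
        self.seen[digest] = now
        return "accept"
```

Because the digest memory (60 days) outlasts the acceptance window (30 days), a captured message that has aged out of the memory is still rejected by the date check.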
