[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

Goswin von Brederlow wrote:
> What can we do with deb signatures?
> For our current problem, the integrity of the debian archive being
> questioned, the procedure would be easy and available to every user:
> 1. get any clean Debian keyring (or just the key signing the keyring)
> 2. verify the latest Debian keyring
> 3. verify that each deb was signed by a DD and the signature fits

The canoical attack against signed debs in this situation is to find a
signed deb on snapshot.debian.net that contains a known security hole.
Now inject it into the compromised archive, with a changed filename, and
edit the Packages file to have its md5sum. Now a user's checks will
succeed -- the package is signed with a developer's key -- but they will
install the old, insecure .deb. The only hint will be a warning from
dpkg that it is downgrading the package, and a clever attacker might
avoid even that.

I would still like to be able to produce signed debs, it's another layer
of security, but they are no panacea.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: