Re: Revival of the signed debs discussion
Joey Hess <firstname.lastname@example.org> writes:
> Goswin von Brederlow wrote:
> > What can we do with deb signatures?
> > For our current problem, the integrity of the debian archive being
> > questioned, the procedure would be easy and available to every user:
> > 1. get any clean Debian keyring (or just the key signing the keyring)
> > 2. verify the latest Debian keyring
> > 3. verify that each deb was signed by a DD and the signature fits
> The canonical attack against signed debs in this situation is to find a
> signed deb on snapshot.debian.net that contains a known security hole.
> Now inject it into the compromised archive, with a changed filename, and
> edit the Packages file to have its md5sum. Now a user's checks will
> succeed -- the package is signed with a developer's key -- but they will
> install the old, insecure .deb. The only hint will be a warning from
> dpkg that it is downgrading the package, and a clever attacker might
> avoid even that.
How would you avoid it?
If a compromise is suspected the Packages file can be recreated from
the actual signed names and versions inside the deb. apt/dpkg can be
made to check this before unpacking a deb too.
> I would still like to be able to produce signed debs, it's another layer
> of security, but they are no panacea.
So far it looks like we just have to run debsigs on each way station
to get a continuous trust chain that is currently interrupted at master
when the changes files split out to the lists only.
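The check proposed above (reconstruct what the Packages file should say from the name and version signed inside each deb, and refuse an entry that disagrees) as an added example in Python; this is not code from the thread or from Debian's tooling. It assumes the signature-covered control fields of a deb are already available as a dict, and it simulates the deb and the tampered index with constructed sample data.

```python
"""Cross-check an apt Packages index against the name and version that are
actually signed inside each .deb (added example, not Debian tooling).
The .deb is simulated as constructed bytes plus its signed control fields."""
import hashlib
import re

def parse_stanzas(text):
    """Parse RFC 822-style stanzas (as in a Packages file) into dicts."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        stanzas.append(fields)
    return stanzas

def check_entry(entry, deb_bytes, signed_control):
    """Return the list of problems with one Packages entry.
    `signed_control` holds the Package/Version/Architecture fields covered by
    the developer's signature inside the .deb; `entry` is what the index
    (which an archive compromise can rewrite) claims about the same file."""
    problems = []
    # The md5sum check alone is not enough: an attacker who edited the index
    # simply recomputed it for the swapped file.
    if hashlib.md5(deb_bytes).hexdigest() != entry["MD5sum"]:
        problems.append("MD5sum: index does not match the file")
    # The index must agree with the signed metadata, not the other way round.
    for field in ("Package", "Version", "Architecture"):
        if entry.get(field) != signed_control[field]:
            problems.append(f"{field}: index says {entry.get(field)!r}, "
                            f"signed deb says {signed_control[field]!r}")
    expected = "{Package}_{Version}_{Architecture}.deb".format(**signed_control)
    if not entry["Filename"].endswith("/" + expected):
        problems.append(f"Filename: {entry['Filename']!r} is not {expected!r}")
    return problems

# Constructed sample: an old, validly signed foo 1.0-1 injected into the
# archive under the filename of 1.2-3, with the index md5sum edited to match.
OLD_DEB = b"!<arch>\n(constructed stand-in for foo_1.0-1_i386.deb)\n"
SIGNED_CONTROL = {"Package": "foo", "Version": "1.0-1", "Architecture": "i386"}
TAMPERED_INDEX = f"""\
Package: foo
Version: 1.2-3
Architecture: i386
Filename: pool/main/f/foo/foo_1.2-3_i386.deb
MD5sum: {hashlib.md5(OLD_DEB).hexdigest()}
"""

def audit(index_text=TAMPERED_INDEX, deb_bytes=OLD_DEB, signed=SIGNED_CONTROL):
    """Map each package in the index to the problems found with its entry."""
    return {e["Package"]: check_entry(e, deb_bytes, signed)
            for e in parse_stanzas(index_text)}

if __name__ == "__main__":
    for pkg, probs in audit().items():
        print(pkg, "OK" if not probs else "\n  " + "\n  ".join(probs))
```

Running it reports the Version and Filename disagreements for the tampered entry while the md5sum check stays silent, which is exactly why the hash in the index cannot be the thing that establishes trust.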