
Re: https for apt to prevent man in middle transparent proxy mirror attacks?



On Wed, 2004-06-09 at 06:44 -0700, Karl Hegbloom wrote:
> Paranoia department (sign my key; target on my back):
>
> Government and corporate users who are somewhat paranoid can set up a
> quarantine mirror, mirror only source packages, and set up a build
> daemon, right?  The software setup for doing that should be packaged and
> made turnkey.  It seems less likely that the source package will contain
> the patch that adds the back door than it does that a binary could be
> patched with compromise codes, built, un-patched, then the source
> package built.
> 
> Perhaps uploading of binary packages should be done away with
> altogether, and all packages should be built on known secure servers by
> a build daemon?  It's easier to verify the source code and patches than
> it is to verify a binary, right?  Then it comes down to who's in control
> of the build servers, the archive network, and networks in between those
> hosts.

I've been thinking about this again.  What if Debian:

* Got rid of binary uploads, and went to source package only uploads,
and then everything is built by the build daemon.

* All packages are held in double custody, and cannot go into the
archive until they are verified and signed by at least two maintainers.
The two cannot be people who would be likely to be in cahoots with one
another, especially for libraries that a lot of packages depend on
(hairy nodes) and security-centric software...

        I suppose anything that can attach to the X server can watch
        keystrokes?  Is that true?  A library used by SSH could maybe
        patch in and record your remote login passwords, then send them
        off to the virus factory.  There's probably a lot of tricks I've
        never heard or thought of.

        [ ... interjecting a funny thought I just had... what if that
        dust ball character in User Friendly is a node in a dotty graph
        with lots of edges... he's the circle with a lot of lines going
        away... a hairy node  :-)  Never mind. ]

* Debian implements SELinux, stack guard, ... ?

Fresh RPMs anyone?  ;-)

-- 
Karl Hegbloom <hegbloom@pdx.edu>
