[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A Look In the Mirror: Attacks on Package Managers

* Fernando Lemos:

> 1. Man-in-the-middle attacks between clients and security update servers
> 2. Denial-of-service attacks to the security updates infrastructure
> 3. No trusted servers for security updates for testing and unstable
> Using HTTPS for the security update infrastructure could solve #1,

Not really, because the mirrors are already middlemen, so encrypting
the transport to them doesn't change much.

> Now if we had a timestamp in the root metadata updated on a daily
> basis, that would solve #1 and #3

Actually, it wouldn't because we do not provide a secure time source.
pool.ntp.org faces the same theoretical issues as our mirror network.

You'd have to fetch the root metadata from a trusted server over
something like HTTPS (that is, something with authentication and a
challange-response component built in).

Reply to: