Re: Please test gzip -9n - related to dpkg with multiarch support

On Wed, 2012-02-08 at 07:57 +0000, Lars Wirzenius wrote:
> On Tue, Feb 07, 2012 at 10:49:23PM +0000, Ben Hutchings wrote:
> > But it's worse than this: even if dpkg decompresses before comparing,
> > debsums won't (and mustn't, for backward compatibility).  So it's
> > potentially necessary to fix up the md5sums file for a package
> > installed for multiple architectures, if it contains a file that was
> > compressed differently.
> I'm uncomfortable with the idea of checking checksums only for
> uncompressed data. Compressed files have headers, and at least for
> some formats, it seems those headers can contain essentially 
> arbitrary data. This allows compressed files to be modified in
> rather significant ways, without debsums noticing, if debsums
> uncompresses before comparing.
> Further, uncompressors have the potential for security problems.
> See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2624 for example.
> In other words: debsums needs to decompress to verify that no
> files have been tampered with, but doing so can invoke an attack.
> Such an attack may be unlikely, but it would seem to be a better design
> to not open up the possibility for it.

I wasn't suggesting debsums would do decompression.


Ben Hutchings
The generation of random numbers is too important to be left to chance.
                                                            - Robert Coveyou

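The header point made in the quoted reply above (a compressed file can change in ways a decompress-then-compare check never sees), as an added illustration that is not part of the original message or of debsums/dpkg. It writes RFC 1952 gzip members by hand so the optional FNAME, MTIME and FCOMMENT fields can be set freely: one member shaped like `gzip -9n` output (no name, zero mtime), one like plain `gzip -9` on another build host, and one with arbitrary bytes stuffed into FCOMMENT. The payload, the file name `page.1`, the timestamp and the comment bytes are all constructed for the example.

```python
import gzip
import hashlib
import struct
import zlib

# Constructed stand-in for a file that a package ships gzip-compressed (e.g. a man page).
PAYLOAD = b"This is a manual page that ships compressed in a .deb.\n" * 100

# RFC 1952 FLG bits
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 1, 2, 4, 8, 16


def gzip_member(data, *, mtime=0, name=None, comment=None, level=9):
    """Write one gzip member by hand so every header field is under our control.

    gzip(1) stores FNAME and MTIME unless -n is given; -9n therefore yields a
    header with neither. FCOMMENT is legal in the format and every decompressor
    skips it, which is what makes it a place to carry bytes unnoticed.
    """
    flg = (FNAME if name is not None else 0) | (FCOMMENT if comment is not None else 0)
    xfl = 2 if level == 9 else 0            # "maximum compression" hint, informational only
    header = struct.pack("<BBBBIBB", 0x1F, 0x8B, 8, flg, mtime, xfl, 3)  # OS=3 (Unix)
    if name is not None:
        header += name + b"\x00"            # zero-terminated, so it may not contain NUL
    if comment is not None:
        header += comment + b"\x00"
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)   # raw deflate, no zlib wrapper
    body = comp.compress(data) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(data) & 0xFFFFFFFF, len(data) & 0xFFFFFFFF)
    return header + body + trailer


def header_fields(member):
    """Parse the optional gzip header fields: what a byte-level check would actually see."""
    if member[:2] != b"\x1f\x8b" or member[2] != 8:
        raise ValueError("not a gzip member")
    flg = member[3]
    mtime = struct.unpack("<I", member[4:8])[0]
    pos = 10
    extra = name = comment = None
    if flg & FEXTRA:
        xlen = struct.unpack("<H", member[pos:pos + 2])[0]
        extra = member[pos + 2:pos + 2 + xlen]
        pos += 2 + xlen
    if flg & FNAME:
        end = member.index(b"\x00", pos)
        name, pos = member[pos:end], end + 1
    if flg & FCOMMENT:
        end = member.index(b"\x00", pos)
        comment, pos = member[pos:end], end + 1
    if flg & FHCRC:
        pos += 2
    return {"mtime": mtime, "extra": extra, "name": name, "comment": comment, "header_len": pos}


def md5(blob):
    return hashlib.md5(blob).hexdigest()


def compare(a, b):
    """(same md5 of the compressed bytes?, same md5 of the decompressed bytes?)

    gzip.decompress verifies CRC32 and ISIZE, so the second value really is a
    statement about payload equality, not merely about the deflate stream.
    """
    return md5(a) == md5(b), md5(gzip.decompress(a)) == md5(gzip.decompress(b))


def build_variants():
    clean = gzip_member(PAYLOAD)                                        # like `gzip -9n`
    stamped = gzip_member(PAYLOAD, mtime=1328745600, name=b"page.1")     # like `gzip -9` elsewhere
    smuggled = gzip_member(PAYLOAD, comment=b"anything goes here: " + bytes(range(1, 256)))
    return clean, stamped, smuggled


if __name__ == "__main__":
    clean, stamped, smuggled = build_variants()
    for label, member in (("stamped", stamped), ("smuggled", smuggled)):
        same_compressed, same_payload = compare(clean, member)
        print(f"{label:9s} compressed md5 equal: {same_compressed}  payload md5 equal: {same_payload}")
        print("          header:", header_fields(member))
```

Both the `stamped` and the `smuggled` member decompress to a payload with the same md5 as the `-9n` member, so a checker that hashes only decompressed data cannot tell them apart from it, while the compressed bytes differ in all three cases. That is the two-sided problem in the thread: hashing the compressed bytes (as debsums does) catches the smuggled comment but also flags a merely differently-compressed copy of the same file, whereas hashing the payload tolerates the latter only by becoming blind to the former, and on top of that has to run a decompressor over untrusted input.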

