On Tue, 2014-06-17 at 10:48 +0200, David Kalnischkies wrote: > On Mon, Jun 16, 2014 at 12:04:51PM +0200, Thorsten Glaser wrote: > > Erm, no? You can just cache a working Sources file and exchange > > the paragraph you are interested in. That’s something that would > > be easy in a CGI written in shell, *and* perform well. Trivial. > > The "always" refers to the small problem that a MITM isn't in control of > what source package is acquired by the user later on. Modifying the > Source file is of course trivial, the hard part is making the > modification count given that at the time the request for the Sources > file is made you have no idea what (if any) source package the user will > request in 10 seconds/days following this 'apt-get update' (or > equivalent) – if the user isn't on to you given that you have thrown > away the signatures for binary packages, too, so that he can't even get > his build-dependencies without saying yes to a (default: no) warning. I don't quite understand why you think it's so difficult for an attacker to provide a complete archive, where he has added some trojan or whatever to more or less any source package? And if he just looks for main() in any source package an hooks in a little backdoor... or even if he just focuses on the most popular source packages...? > From a theoretical standpoint, this is of course all negligible, but in > practice it's so annoying/fragile that way better alternatives exist. > (Me messing up InRelease parsing [twice] for example with ironically far > less coverage - its all about catchy titles I guess) Well I've noticed that but was to depressed to make noise ;-) Anyway... the main question is from my side (at least regarding this sub-thread): Was there any... do we need any... how could we do any assessment about the integrity of the Debian archive and build infrastructure... (i.e. whether this or previous holes was actually used by someone)? I mean all the NSA&friends scandal has clearly shown one thing: There are many people/groups out there which really do want to break into every system and which even go the most "annoying" ways to reach their goal... being paranoid was actually always justified. Cheers, Chris.
Description: S/MIME cryptographic signature