
Bug#499897: preventing replay attacks against the security archive



Package: ftp.debian.org, apt

Hi,

In RT#744[1] an attack was brought up wherein an adversary causes the
victim to use an outdated copy of the security mirror, thereby
preventing the victim from getting security updates.

The attack is not new, but Debian still has very little to offer for
preventing this kind of attack, or at least making it harder.

One proposed solution is to optionally add a "Valid-Until" field to
Release files on at least the security archive, tho it might make sense
for unstable etc also.

Apt should then be changed to reject Release files that have expired,
and probably also Release files from the future.

Cheers,
weasel

1. https://rt.debian.org/Ticket/Display.html?id=744
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
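
The client-side check proposed above, as an added example that is not part of the original message and is not apt's code. It assumes Valid-Until uses the same date format as the Release file's Date field; `check_freshness`, `require_valid_until` and the five-minute clock-skew allowance are hypothetical names and choices.

```python
from datetime import datetime, timedelta, timezone

# Assumption: Valid-Until uses the same format as the Release file's Date field.
FMT = "%a, %d %b %Y %H:%M:%S UTC"

class StaleRelease(Exception):
    """The Release file is expired, future-dated, or lacks usable dates."""

def parse_fields(text):
    """Return the top-level 'Key: value' fields; indented checksum lines are skipped."""
    fields = {}
    for line in text.splitlines():
        if line[:1] in (" ", "\t") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields

def timestamp(fields, name):
    try:
        return datetime.strptime(fields[name], FMT).replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        raise StaleRelease(f"missing or malformed {name} field") from None

def check_freshness(text, now, require_valid_until=True, skew=timedelta(minutes=5)):
    """Run only on a signature-verified Release file; returns time left or None."""
    fields = parse_fields(text)
    if timestamp(fields, "date") > now + skew:
        raise StaleRelease("Release file is dated in the future")
    if "valid-until" not in fields:
        # Older signed files without the field stay replayable, so an archive
        # known to publish Valid-Until should be checked with the default.
        if require_valid_until:
            raise StaleRelease("no Valid-Until field")
        return None
    until = timestamp(fields, "valid-until")
    if now > until:
        raise StaleRelease(f"expired on {fields['valid-until']}")
    return until - now

# Constructed sample, not a real Release file.
SAMPLE = """Origin: Debian
Date: Sat, 20 Sep 2008 10:00:00 UTC
Valid-Until: Sat, 27 Sep 2008 10:00:00 UTC
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e 0 main/binary-i386/Packages
"""
```

The freshness check is only meaningful after the signature check, because both date fields are trusted solely on the strength of the archive signature covering them.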


