On Wed, Apr 29, 2015 at 01:59:55PM +0530, htrovao wrote:
> Hi,
>
> today I've checked some stuff on the apt-secure subject, and saw this:
>
> https://wiki.debian.org/SecureApt#How_to_manually_check_for_package.27s_integrity
>
> This post of the wiki didn't talk about verifying the size of
> the file for checking the integrity of the package. So I was curious whether apt
> did or did not check the file size during download/install.
>
> I checked Release/Packages files and they contain the checksums and the
> size for each file.
> (I already saw you guys discussing this some time ago to avoid
> hash-collision attacks, just don't know where...)
>
> Then I went to the apt source code, checking if it was verifying it
> (someone on irc oftc #debian-security talked about checking it), and
> reached this piece of code.
>
> file: apt-private/private-install.cc
> 49 bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety)
> ...
> 145    if (DebBytes != Cache->DebSize())
> 146    {
> 147       c0out << DebBytes << ',' << Cache->DebSize() << std::endl;
> 148       c0out << _("How odd... The sizes didn't match, email apt@packages.debian.org") << std::endl;
> 149    }
>
> As the other guy said when I showed this to him, it is only a
> warning (but it uses some special ostream c0out...), and if the file
> size is different something "wrong" happened to the download, and if the
> checksum matches but the file size is different "a lot of wrong" happened
> (hash-collision).
>
> Also this verification (file size) should be applied to apt-update for
> all files except the Release file, which is signed (it also cannot be safely
> compared against anything else).

This is harmless. The file sizes for .deb files are verified in
pkgAcqArchive::Done():

    if (Size != Version->Size)
    {
        RenameOnError(SizeMismatch);
        return;
    }

I think we do not check sizes of indices, though. We only seem to be
checking a hashsum.

>
> I was checking ftparchive/cachedb.cc for the size match comparing but
> lost myself in the process...

No need to do that, no untrusted component involved.

>
> I was looking for it in the source code but this is a big and complex
> piece of software! Maybe you guys can see quickly whether you're doing it or not.
>
> I would really like to hear from you, email, chat... if there is anything
> I can help with, I'm available to do it.
>
>
> Cheers to all,
> and thanks for your attention
> HT
>
>
>
> ## Some thoughts on integrity verification (not directly related to this) ##
>
> Some other solution against this kind of collision attack could be
> using two different hashing algorithms (sha1 and md5 for instance) and
> they both must verify. I think it is very difficult to create a "perfect
> collision" on a file for both algorithms. But I may be wrong, I have to
> check some hashing algorithms stuff, but it looks like it in the following
> links.

That does not make much sense. The entire chain is verified by a single
hash in the GPG signature anyway.

--
Julian Andres Klode  - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
  - If you don't I might ignore you.
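The thread discusses Release entries that carry both a size and a digest per index file, and the size-then-hash check apt applies to .deb downloads. The following is an added illustration, not apt's own code: it parses a Release-style SHA256 section and rejects a downloaded index on either a size or a digest mismatch. The index paths and contents are constructed samples.

```python
import hashlib
import re

# Constructed sample index bodies (not real Debian archive content).
PACKAGES_MAIN = b"Package: hello\nVersion: 2.10-1\nArchitecture: amd64\n\n"
PACKAGES_CONTRIB = b"Package: foo\nVersion: 1.0-1\nArchitecture: amd64\n\n"


def release_section(files, algo="SHA256"):
    """Render a Release-style hash section: one ' <digest> <size> <path>' line per file."""
    lines = [f"{algo}:"]
    for path, data in files.items():
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data):8d} {path}")
    return "\n".join(lines) + "\n"


# Constructed Release text covering the two sample indices above.
RELEASE = "Origin: Example\nSuite: stable\n" + release_section(
    {"main/binary-amd64/Packages": PACKAGES_MAIN,
     "contrib/binary-amd64/Packages": PACKAGES_CONTRIB})

LINE_RE = re.compile(r"^\s+([0-9a-f]{64})\s+(\d+)\s+(\S+)$")


def parse_release_sha256(text):
    """Return {path: (size, sha256)} from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in text.splitlines():
        if not line.startswith(" "):
            in_section = line.rstrip() == "SHA256:"  # any other field ends the section
            continue
        if in_section:
            m = LINE_RE.match(line)
            if m:
                entries[m.group(3)] = (int(m.group(2)), m.group(1))
    return entries


def verify_index(entries, path, data):
    """Check a downloaded index: size first (cheap), then the digest. Both must match."""
    if path not in entries:
        return "unlisted"
    size, digest = entries[path]
    if len(data) != size:
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != digest:
        return "hash-mismatch"
    return "ok"
```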