On Wed, Apr 29, 2015 at 01:59:55PM +0530, htrovao wrote:
> Hi,
>
> today I've checked some stuff on apt-secure subject, and saw this:
>
> https://wiki.debian.org/SecureApt#How_to_manually_check_for_package.27s_integrity
>
> This page of the wiki didn't talk about verifying the size of
> the file when checking the integrity of a package. So I was curious whether apt
> did or did not check the file size during download/install.
>
> I checked Release/Packages files and they contain the checksums and the
> size for each file.
> (I already saw you guys discussing this sometime ago to avoid
> hash-collision attacks, just don't know where...)
>
> Then I went to the apt source code, checking if it was verifying it
> (someone on irc oftc #debian-security talked about checking it), and
> reached this piece of code.
>
> file: apt-private/private-install.cc
>
>     bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety)
>     ...
>        if (DebBytes != Cache->DebSize())
>        {
>           c0out << DebBytes << ',' << Cache->DebSize() << std::endl;
>           c0out << _("How odd... The sizes didn't match, email apt@packages.debian.org") << std::endl;
>        }
>
> What the other guy said when I showed this to him was that it is only a
> warning (but it uses some special ostream c0out...), and if the file
> size is different something "wrong" happened to the download, and if the
> checksum matches but the file size is different "a lot of wrong" happened
> (hash collision).
>
> Also this verification (file size) should be applied to apt-update for
> all files except Release file that is signed (it also cannot be safely
> compared, against nothing else).
This is harmless. The file sizes for .deb files are verified
in pkgAcqArchive::Done():

    if (Size != Version->Size)
    {
       RenameOnError(SizeMismatch);
       return;
    }

I think we do not check sizes of indices, though. Only seem to be
checking a hashsum.
>
> I was checking ftparchive/cachedb.cc for the size match comparing but
> lost myself in the process...
No need to do that, no untrusted component involved.
>
> I was looking for it in the source code but this is a big and complex piece of
> software! Maybe you guys can see quickly whether you're doing it or not.
>
> I would really like to hear from you, email, chat... if there is anything
> I can help with, I'm available to do it.
>
>
> Cheers to all,
> and thanks for your attention
> HT
>
>
>
> ## Some thoughts on integrity verification (not directly related to this) ##
>
> Some other solution against this kind of collision attack could be
> using two different hashing algorithms (sha1 and md5 for instance), and
> they both must verify. I think it is very difficult to create a "perfect
> collision" on a file for both algorithms. But I may be wrong, I have to
> check some hashing algorithm stuff, but it looks like it in the following
> links.
That does not make much sense. The entire chain is verified by a single
hash in the GPG signature anyway.
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
- If you don't I might ignore you.
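The size-then-hash check discussed in this thread, as an added example in Python (this is not apt's own code, which is C++; the pkgAcqArchive::Done() ordering is only mirrored, not copied). Everything here is constructed: the sample payload stands in for a .deb, the Packages stanza and the Release "SHA256:" section are generated from that payload with the real field names, and no value comes from a Debian mirror. The Release part shows how index files can get the same size check that Julian notes apt only applies to .deb files.

```python
import hashlib

# Constructed sample payload standing in for a downloaded .deb (not a real archive).
SAMPLE_DEB = b"!<arch>\nconstructed sample payload, not a real .deb\n" * 8


def make_stanza(name: str, filename: str, data: bytes) -> str:
    """Build a constructed Packages stanza whose Size and hash fields describe `data`.

    The field names are the ones real Packages indices use; the values are computed
    from the constructed sample, not taken from any Debian mirror.
    """
    return (
        f"Package: {name}\n"
        f"Version: 1.0-1\n"
        f"Filename: {filename}\n"
        f"Size: {len(data)}\n"
        f"MD5sum: {hashlib.md5(data).hexdigest()}\n"
        f"SHA256: {hashlib.sha256(data).hexdigest()}\n"
    )


def make_release_section(indices: dict) -> str:
    """Build the 'SHA256:' section of a constructed Release file for a
    {path: content} mapping (hash, size, path per line, as in a real Release)."""
    lines = ["SHA256:"]
    for path, content in indices.items():
        lines.append(f" {hashlib.sha256(content).hexdigest()} {len(content)} {path}")
    return "\n".join(lines) + "\n"


def parse_stanza(stanza: str) -> dict:
    """Parse one RFC 822-style Packages stanza into a {field: value} dict."""
    fields = {}
    for line in stanza.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_release_hashes(release: str) -> dict:
    """Turn the 'SHA256:' section of a Release file into {path: {"Size", "SHA256"}}
    so index files can be checked with the same routine as .deb files."""
    entries = {}
    in_section = False
    for line in release.splitlines():
        if not line.startswith(" "):
            in_section = line.strip() == "SHA256:"
            continue
        if in_section:
            digest, size, path = line.split()
            entries[path] = {"Size": size, "SHA256": digest}
    return entries


def verify_download(data: bytes, fields: dict) -> str:
    """Check a downloaded file against its index entry.

    Same order as apt's pkgAcqArchive::Done(): the size is compared first (cheap,
    and any mismatch already proves the download is not the file the index
    describes), then the strongest hash the entry carries. Returns 'SizeMismatch',
    'HashMismatch' or 'OK'.
    """
    if len(data) != int(fields["Size"]):
        return "SizeMismatch"
    # Prefer SHA256; fall back to weaker hashes only if the entry has nothing better.
    for field, algo in (("SHA256", "sha256"), ("SHA1", "sha1"), ("MD5sum", "md5")):
        if field in fields:
            if hashlib.new(algo, data).hexdigest() != fields[field].lower():
                return "HashMismatch"
            return "OK"
    return "HashMismatch"  # no hash at all: never accept a file on size alone


if __name__ == "__main__":
    entry = parse_stanza(make_stanza("demo", "pool/main/d/demo_1.0-1_amd64.deb", SAMPLE_DEB))
    print("intact:", verify_download(SAMPLE_DEB, entry))
    print("truncated:", verify_download(SAMPLE_DEB[:-1], entry))
    tampered = bytes([SAMPLE_DEB[0] ^ 1]) + SAMPLE_DEB[1:]
    print("same size, one bit flipped:", verify_download(tampered, entry))
```

The size comparison is deliberately a hard failure rather than the "How odd..." warning from private-install.cc: a file whose length differs from the index entry cannot be the indexed file, so there is nothing left to decide by hashing it. Doing the size check before the hash also means a truncated or padded download is rejected without reading it through a digest.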