| 1 |
On 26 January 2018 at 00:21, Robin H. Johnson <robbat2@g.o> wrote: |
| 2 |
> On Thu, Jan 25, 2018 at 11:55:58PM +0200, Alon Bar-Lev wrote: |
| 3 |
>> I did not looked into the detailed implementation, however, please |
| 4 |
>> make sure integrity check handles the same cases we have applied to |
| 5 |
>> emerge-webrsync in the past, including: |
| 6 |
> Gemato is the implementation of GLEP74/MetaManifest, which DOES |
| 7 |
> explicitly address both of these concerns. |
| 8 |
|
| 9 |
Good! |
| 10 |
Thanks. |
| 11 |
|
| 12 |
> |
| 13 |
>> 1. Fast forward only in time, this is required to avoid hacker to |
| 14 |
>> redirect into older portage to install vulnerabilities that were |
| 15 |
>> approved at that time. |
| 16 |
> Replay attacks per #1 are addressed via TIMESTAMP field in MetaManifest. |
| 17 |
|
| 18 |
Interesting, I tried again to understand how it is working without |
| 19 |
performing rsync to a temporary directory, compare the timestamp and |
| 20 |
reject if unexpected. |
| 21 |
Are we doing multiple rsync for the metadata? |
| 22 |
Long since I used this insecure rsync... |
| 23 |
|
| 24 |
For me it seems like webrsync and/or squashfs are much easier/faster |
| 25 |
to apply integrity into than rsync... :) |
| 26 |
|
| 27 |
Regards, |
| 28 |
Alon |
Archives