Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [v1.0.1] GLEP 74: Full-tree verification using Manifest files
Date: Sun, 29 Oct 2017 20:40:04
Message-Id: robbat2-20171029T200544-577814018Z@orbis-terrarum.net
In Reply to: [gentoo-dev] [v1.0.1] GLEP 74: Full-tree verification using Manifest files by "Michał Górny"
On Sun, Oct 29, 2017 at 08:07:56PM +0100, Michał Górny wrote:
> File verification model
> -----------------------
> The verification model aims to provide full coverage against different
> forms of attack. In particular, three different kinds of manipulation
> are considered:
s/three/four/
> 1. Alteration of the file content.
>
> 2. Removal of a file.
>
> 3. Addition of a new file.
Add:
4. Metadata replay attacks [C08].

> In order to prevent against all three, the system requires that all
> files in the repository are listed in Manifests and verified against
> them.
s/three/four/.

> Timestamp field
> ---------------
...
> A malicious third-party may use the principles of exclusion and replay
Insert [C08] after 'replay'.

> Strictly speaking, this is already provided by the various
> ``metadata/timestamp.*`` files provided already by Gentoo which are also
> covered by the Manifest. However, including the value in the Manifest
> itself has a little cost and provides the ability to perform
> the verification stand-alone.
Implementation Note: with TIMESTAMP, some of the old timestamp files will be obsolete; they
will already need special handling in Manifest generation, because they are
added VERY late in distribution. Sadly not all of them, because of legacy
dependencies (they will get IGNORE entries instead, as they are populated much
later than manifest generation).

> References
> ==========
Additions:

.. [#C08] Cappos, J et al. (2008). "Attacks on Package Managers"
(https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html)

--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
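
The verification model discussed in the message above, as an added example that is not part of the original e-mail or of any Gentoo tool: a small checker that reports all four manipulation kinds (altered, removed, added, replayed) for one directory. The ``DATA``, ``IGNORE`` and ``TIMESTAMP`` line layouts, the single SHA512 hash, the function names and the sample tree are assumptions made for this illustration; the sample tree is constructed.

```python
import hashlib, tempfile
from datetime import datetime, timezone
from pathlib import Path

def parse_manifest(text):
    """Split Manifest text into DATA entries, IGNORE paths and the TIMESTAMP."""
    entries, ignored, stamp = {}, [], None
    for fields in (line.split() for line in text.splitlines() if line.strip()):
        if fields[0] == "TIMESTAMP":      # assumed layout: TIMESTAMP <UTC ISO 8601>
            stamp = datetime.strptime(fields[1], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        elif fields[0] == "IGNORE":       # assumed layout: IGNORE <path>
            ignored.append(fields[1].rstrip("/"))
        elif fields[0] == "DATA":         # assumed layout: DATA <path> <size> SHA512 <hex>
            entries[fields[1]] = (int(fields[2]), fields[4])
    return entries, ignored, stamp

def verify_tree(root, manifest_text, last_seen=None):
    """Return (kind, path) findings: replayed, added, removed, altered."""
    entries, ignored, stamp = parse_manifest(manifest_text)
    findings = []
    # Replay: TIMESTAMP is missing or older than a Manifest already accepted.
    if last_seen is not None and (stamp is None or stamp < last_seen):
        findings.append(("replayed", "Manifest"))
    on_disk = {p.relative_to(root).as_posix() for p in Path(root).rglob("*") if p.is_file()}
    on_disk = {r for r in on_disk if r != "Manifest"
               and not any(r == i or r.startswith(i + "/") for i in ignored)}
    findings += [("added", rel) for rel in sorted(on_disk - entries.keys())]
    for rel, (size, digest) in sorted(entries.items()):
        if rel not in on_disk:
            findings.append(("removed", rel))
            continue
        data = Path(root, rel).read_bytes()
        if len(data) != size or hashlib.sha512(data).hexdigest() != digest:
            findings.append(("altered", rel))
    return findings

def demo():
    """Constructed tree: foo altered, bar removed, extra added, stale Manifest."""
    good = b"EAPI=6\n"
    entry = f"{len(good)} SHA512 {hashlib.sha512(good).hexdigest()}"
    manifest = "\n".join(["TIMESTAMP 2017-10-29T20:00:00Z", "IGNORE metadata/timestamp.chk",
                          f"DATA foo.ebuild {entry}", f"DATA bar.ebuild {entry}"])
    files = {"foo.ebuild": good + b"# tampered\n", "extra.ebuild": good, "metadata/timestamp.chk": b"x"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return verify_tree(root, manifest, last_seen=datetime(2017, 10, 30, tzinfo=timezone.utc))
```

Calling ``demo()`` returns one finding per manipulation kind; the file under the ``IGNORE`` path is skipped rather than reported as added.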
