Gentoo Archives: gentoo-portage-dev

From: Vladimir Diaz <vladimir.v.diaz@×××××.com>
To: gentoo-portage-dev@l.g.o
Cc: Justin Cappos <jcappos@×××.edu>, Patrick Schleizer <patrick-mailinglists@××××××.org>, adrelanos grayson <adrelanos@××××××.net>
Subject: [gentoo-portage-dev] Portage and Update Security
Date: Tue, 10 Mar 2015 21:15:38
1 Hi,
3 I am a developer in the Secure Systems Lab at NYU. Our lab has
4 collaborated with popular software update systems in the open-source
5 community, including APT, yum, and YaST, to address security problems.
6 More recently, we have been working on a flexible security framework
7 co-developed with the Tor project that can be easily added to software
8 updaters to transparently solve many of the known security flaws we have
9 uncovered in software updaters. We would like to work with The Portage
10 Development Project to better secure the Portage distribution system.
12 TUF
13 <>
14 (The Update Framework) is a library that can be added to an existing
15 software update system and is designed to update files in a more secure
16 manner. Many software updaters verify software updates with cryptographic
17 signatures and hash functions, but they typically fail to protect against
18 malicious attacks that target the metadata and update files presented to
19 clients. A rollback attack is one such example, where an attacker tricks a
20 client into installing older files than those the client has already seen
21 (these older files may be vulnerable versions that have since been fixed).
22 A full list of attacks and weaknesses the framework is designed to address
23 is provided here
24 <>
25 .
27 Our website <> includes more
28 information about TUF, including: papers
29 <> and a
30 specification
31 <>.
32 If you want to see how an existing project integrates TUF, there is a
33 standards track proposal
34 <>
35 to the Python community that you can review. A more rigorous proposal that
36 requires more administrative work on the repository, but provides more
37 security protections, is also available
38 <>.
40 We were thinking of submitting a pull request that shows how such an
41 integration would work. So there hopefully won't be much leg work on your
42 end apart from deciding how the system should be configured (key storage,
43 roles, etc.).
45 Would a pull request be of interest? Is there anything you'd like us to
46 say more about?
48 Thanks,
49 Vlad
51 P.S.
52 There are Informational <> and Standards
53 Track <> GLEPs that reference our work
54 and the security issues that our project addresses, but there hasn't been
55 much recent activity on these proposals.
58 --
59 vladimir.v.diaz@×××××.com
60 PGP fingerprint = ACCF 9DCA 73B9 862F 93C5 6608 63F8 90AA 1D25 3935
61 --


Subject Author
Re: [gentoo-portage-dev] Portage and Update Security "Rick \\\"Zero_Chaos\\\" Farina" <zerochaos@g.o>
Re: [gentoo-portage-dev] Portage and Update Security Zac Medico <zmedico@g.o>
Re: [gentoo-portage-dev] Portage and Update Security Alec Warner <antarus@g.o>