Christoph Anton Mitterer wrote:
> ... I've just had a quick glance at current upstream: https://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/update-smart-drivedb.in

Comments are welcome.

> It seems it now contains some code verification, both X.509 CA based and/or OpenPGP based. I think the X.509 CA / TLS based one can be just tossed (because X.509 PKI is inherently flawed and insecure - just take the ~150 CAs Mozilla ships, many of them already completely untrustworthy, with even more sub-CAs (that are even more untrustworthy)).

Agree.

> OpenPGP would be in principle ok. However, I haven't really checked the implementation of it (i.e. how the code downloading and verification is done...). At first glance, I'd say it allows at least for replay attacks.

Could you possibly describe an attack scenario?

> Plus it automatically imports the shipped public key into the keyring of the executing user, which is IMO also unacceptable.

Of course this would be unacceptable. I'm at least somewhat sure that I didn't implement it that way :-)
Cheers, Christian smartmontools.org
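The two concerns raised above (a replayed, still validly signed old drivedb, and the shipped key landing in the user's own keyring) can both be handled on the verifier side. The script below is an added example, not code from update-smart-drivedb.in; it assumes a downloaded drivedb.h with a detached OpenPGP signature and a shipped public key file, and that drivedb.h carries an SVN "$Id: drivedb.h <rev> ..." line (all hypothetical paths and format).

```shell
#!/bin/sh
# Added example, not the smartmontools update script.
# Assumptions (hypothetical): drivedb.h contains an SVN "$Id: drivedb.h <rev> ..."
# line, the signature is a detached .asc file, and the public key ships as a file.

# Extract the SVN revision number from a drivedb.h file; prints nothing if absent.
drivedb_rev() {
  sed -n 's/.*\$Id: drivedb\.h \([0-9][0-9]*\) .*/\1/p' "$1" | head -n 1
}

# Anti-replay check: accept a downloaded file only if its revision is strictly
# newer than the installed one. Returns 0 = accept, 1 = reject (stale/unparseable).
is_newer() { # $1=installed drivedb.h  $2=downloaded drivedb.h
  cur=$(drivedb_rev "$1")
  new=$(drivedb_rev "$2")
  [ -n "$cur" ] && [ -n "$new" ] || return 1
  [ "$new" -gt "$cur" ]
}

# Verify the detached signature in a throwaway keyring so the shipped public
# key is never imported into the calling user's ~/.gnupg.
verify_sig() { # $1=file  $2=detached .asc signature  $3=shipped public key
  tmp=$(mktemp -d) || return 1
  gpg --homedir "$tmp" --batch --quiet --import "$3" >/dev/null 2>&1 &&
  gpg --homedir "$tmp" --batch --quiet --trust-model always \
      --verify "$2" "$1" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Full check: signature first, then freshness; both must pass before installing.
check_update() { # $1=installed  $2=downloaded  $3=signature  $4=pubkey
  verify_sig "$2" "$3" "$4" || { echo "signature check failed" >&2; return 1; }
  is_newer "$1" "$2" || { echo "rejected: not newer than installed copy" >&2; return 1; }
  return 0
}
```

Usage: `check_update /var/lib/smartmontools/drivedb.h ./drivedb.h.new ./drivedb.h.new.asc ./pubkey.asc && install the file`; a replayed older copy fails the revision comparison even though its signature is valid.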

