It's not just the possibility of an attack that would be bad for Drupal. Given the number of Drupal sites in existence, and playing devil's advocate for a bit, let's say that just 5% of them have been tweaked in such a manner that a core update will break them.

If we do auto-updates this could result in Drupal garnering attention that it doesn't want.

Regards,
Jonathan Dale

On Sep 1, 2011, at 1:40 PM, John Locke wrote:

> Automatic update of core + potential for malicious code getting uploaded to the source repos = very nice recipe for taking over a huge amount of the web!
>
> WordPress and Debian have both had bad stuff uploaded to their repositories. It could happen to Drupal too. For that reason alone I think auto-updating is a really bad idea -- it makes for a very nice target for an attacker!
>
> Here's how an attack might play out:
>
> 1. Attacker plants some keylogger on a core committer's machine, captures their credentials.
> 2. Attacker builds an exploit and uploads it to Core, immediately before the default update check time for sites set to UTC or some large time zone.
> 3. All sites configured for auto-update download the new exploit.
> 4. Exploit changes the update source to their own malicious repository.
> 5. Millions of exploited web sites are now at the attacker's disposal -- done right, huge numbers of site admins would never realize their sites were compromised.
>
> This would not be difficult to do -- all you need to do is get the credentials for one person with appropriate access. And while it would certainly be discovered and caught, it could do some pretty widespread damage in a short amount of time, and leave a bunch of compromised sites out there available to do far more damage than your ordinary Windows bot-net...
>
> Ugh. No thanks.
>
> Cheers,
> John Locke
> http://freelock.com
>
> On 09/01/2011 11:03 AM, Gaelan Bright Steele wrote:
>> I see. I got the idea from WordPress, which knows how to automatically update itself.
>>
>> On Sep 1, 2011, at 10:46 AM, Todd wrote:
>>
>>> If you have drush, you can run `drush pm-update` to automatically update core and contrib.
>>>
>>> I'm not sure if I'd build in automatic updating of core in Drupal, though, since it's a bit more complex than updating a module and many more things can go wrong.
>>>
>>> Todd
>>>
>>> On 1 Sep 2011, at 13:36, Gaelan Bright Steele wrote:
>>>
>>>> Hi Everybody
>>>>
>>>> Has anyone thought about automatic updates/upgrades to the Drupal core? If not, I would implement it. Excuse me if there is already a conversation going on about this--I am new here.
>>>>
>>>> Gaelan
>>
>> Sincerely, Gaelan
>
> --
> John Locke
> Manager, Freelock Computing
> The Open Source for Business Solutions
> http://www.freelock.com
> [email protected] 206-579-4836
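Added example, not from this thread or from Drupal itself: a fail-closed update gate that demonstrates the two defender-side properties the scenario above argues for, an update source the payload cannot rewrite (step 4) and a manifest authenticated with a key that a repository compromise does not hand over. The source URL, key, protected paths and HMAC-as-signature stand-in are all assumptions made for the example.

```python
import hashlib
import hmac
import json

# Set by the administrator out of band; an update must never rewrite these (constructed placeholders).
PINNED_SOURCE = "https://updates.example.org/drupal/"
VERIFY_KEY = b"admin-installed-verification-key"
PROTECTED_PATHS = {"sites/default/settings.php", "sites/default/update_source.conf"}


class UpdateRejected(Exception):
    """Any failed check raises this; the site keeps the code it already runs."""


def publish(source: str, files: list, package: bytes) -> tuple:
    """Release side (constructed helper): describe a package and authenticate the manifest."""
    manifest = {"source": source, "files": files, "sha256": hashlib.sha256(package).hexdigest()}
    data = json.dumps(manifest, sort_keys=True).encode()
    return data, hmac.new(VERIFY_KEY, data, hashlib.sha256).hexdigest()


def authenticate_manifest(manifest_bytes: bytes, tag: str) -> dict:
    """Check the manifest with a key held outside the repository. HMAC-SHA256 stands in
    for a detached signature so this runs on the standard library alone; what matters is
    that compromising the repository does not give the attacker the key."""
    expected = hmac.new(VERIFY_KEY, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise UpdateRejected("manifest authentication failed")
    return json.loads(manifest_bytes)


def vet_update(manifest: dict, package: bytes) -> None:
    """Refuse an update that comes from anywhere but the pinned source, touches the files
    that configure updating (step 4 of the scenario), or does not match the manifest."""
    if manifest.get("source") != PINNED_SOURCE:
        raise UpdateRejected("source %r is not the pinned update source" % manifest.get("source"))
    touched = set(manifest.get("files", [])) & PROTECTED_PATHS
    if touched:
        raise UpdateRejected("update modifies protected files: %s" % sorted(touched))
    if not hmac.compare_digest(hashlib.sha256(package).hexdigest(), manifest.get("sha256", "")):
        raise UpdateRejected("package hash does not match the manifest")


def should_apply(manifest_bytes: bytes, tag: str, package: bytes) -> bool:
    """Single fail-closed gate: True only when every check passes."""
    try:
        vet_update(authenticate_manifest(manifest_bytes, tag), package)
        return True
    except UpdateRejected:
        return False
```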
