Three points:

1) In your attack scenario, the attack only works for users who choose to install a package without a signature (to opt out of using the installer's verify signature option) and therefore is equivalent to the current level of (in)security. So the worst case for a user who doesn't use the signatures is the same.

However,

2) Any user who insists on a signature would be alerted to the lack of one by the installer and could opt out of the installation. Additionally, the installer could raise an alarm so an alert is automatic. This is a great improvement over the current scheme as this scenario is far less likely to happen under the current scheme. In addition, if an attacker alters only the source, the more secure and difficult to alter fink patches won't work, further securing the system.

3) By using separate, third-party key servers, the likelihood of forging original source, package, signature, and key is remote, making this security adequate for a majority of those who want such a security level as an option.

As an added security, the source packages on other servers could be hashed and signed on the fink server as well, though because of the aforementioned "patch" phase-shift, this may not be necessary.

On Friday, Nov 29, 2002, at 18:48 US/Pacific, Jeremy Erwin wrote:

On Friday, November 29, 2002, at 05:13  PM, Xavier HUMBERT wrote:
And signing the info file is just an extra step, which can be easily
automated. A detached signature would add the extra bonus that info
file is not modified, thus no need to modify the parsing code. If there
is a "blah-0.9-1.info.asc", verify "blah-0.9-1.info", using packager's
public key, otherwise, skip it.

attack as follows:
break into cvs server, or spoof, or whatnot
delete blah-0.9-1.info.asc
upload new, improved version of blah-0.9.-1.info

victim's computer checks for asc, sees that there is none on file.
victim's computer builds, compiles, and packages trojan horse package.

Jeremy



-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel
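
The two installer policies discussed in this thread ("verify if the .asc exists, otherwise skip it" versus a user who insists on a signature), as an added Python example that is not part of the original messages or of fink's code. HMAC-SHA256 with a constructed key stands in for the packager's detached OpenPGP signature, and the names Policy, Decision, check_info and simulate are hypothetical.

```python
import hashlib, hmac, os, tempfile
from enum import Enum

DEMO_KEY = b"constructed-demo-key"  # constructed stand-in for the packager's key

class Policy(Enum):
    OPPORTUNISTIC = 1  # verify if the .asc exists, otherwise skip it
    REQUIRED = 2       # the user insists on a signature

Decision = Enum("Decision", "BUILD_VERIFIED BUILD_UNVERIFIED REFUSE_MISSING_SIG REFUSE_BAD_SIG")

def sign(data: bytes) -> bytes:
    """Stand-in signer (HMAC-SHA256, not OpenPGP) so the example runs offline."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest().encode()

def verify(data: bytes, sig: bytes) -> bool:
    """Stand-in for checking a detached signature against the packager's key."""
    return hmac.compare_digest(sign(data), sig.strip())

def check_info(info_path: str, policy: Policy) -> Decision:
    sig_path = info_path + ".asc"
    if not os.path.exists(sig_path):
        # The installer cannot tell "never signed" from "signature deleted".
        if policy is Policy.REQUIRED:
            return Decision.REFUSE_MISSING_SIG
        return Decision.BUILD_UNVERIFIED
    with open(info_path, "rb") as f, open(sig_path, "rb") as s:
        ok = verify(f.read(), s.read())
    return Decision.BUILD_VERIFIED if ok else Decision.REFUSE_BAD_SIG

def write(path: str, data: bytes) -> None:
    with open(path, "wb") as f:
        f.write(data)

def simulate() -> dict:
    """Replay the quoted scenario on constructed files in a temp directory."""
    out, body = {}, b"Package: blah\nVersion: 0.9\n"  # constructed sample .info
    with tempfile.TemporaryDirectory() as d:
        info = os.path.join(d, "blah-0.9-1.info")
        write(info, body); write(info + ".asc", sign(body))
        out["intact"] = check_info(info, Policy.OPPORTUNISTIC)
        write(info, body + b"Source: altered\n")   # .info changed, .asc left
        out["altered"] = check_info(info, Policy.OPPORTUNISTIC)
        os.remove(info + ".asc")                   # signature removed as well
        out["stripped_opportunistic"] = check_info(info, Policy.OPPORTUNISTIC)
        out["stripped_required"] = check_info(info, Policy.REQUIRED)
    return out
```

Only the REQUIRED policy turns a missing .asc into a refusal; an installer could log or alert on that result instead of silently building.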


