On  8/09/10 01:14 PM, Bart Smaalders wrote:
> On 09/02/10 22:54, Darren Reed wrote:
>> In thinking about some of the internals of pkg as outlined
>> in this CR...
>>
>> https://defect.opensolaris.org/bz/show_bug.cgi?id=16972
>>
>> ... I started to wonder what that does for our ability to detect
>> malicious change. A malicious change would be when a hacker
>> modifies the CTF and not the elfhash, resulting in different code
>> being run but "pkg verify" reporting the same.
>>
>> Ok, so if a hacker is smart enough to do this then they can
>> probably also hack the local database in /var/pkg with which
>> the elfhash for a binary is compared.
>>
>> But if the repository from whence the install is made is on another
>> host or otherwise secure, would it be possible to have "pkg verify"
>> use that as an authoritative source, potentially putting the source
>> of the real hash out of arm's reach?
>> Or is that already the behaviour?
>> (the man page isn't clear about which data source is used for the
>> baseline comparison data.)
>
> <back from Burning Man; catching up on old pkg-discuss mail>
>
> As per usual, if a system is thought to be compromised by a
> malicious attacker, no part of the system can be used to
> verify its own integrity.
>
> Right now we use the data on the system; we need to work on increasing
> the ease of re-verifying all installed package manifests from an
> alternate BE; this would be a good RFE.

Should RFEs for pkg go into bugzilla or bugster?

I think I can see two separate RFEs here:

- being able to specify the source of the information used to
  verify the package manifests (and installed data) rather than
  rely on /var/pkg. That could be either in another BE, a DVD
  or over the network.

- being able to specify the root directory under which the
  package manifests are found that need to be verified.
  That allows you to boot from a DVD/BE and do "pkg verify"
  from your hashes against what's in the other directory.

Together that would potentially let you boot from a 149 DVD
and verify a 147 install against the server used to install the
packages from.

Any other RFEs in this?

Darren
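The two RFEs above amount to "take the manifest hashes from a source you trust, and check them against a root directory you choose". As an added example (not pkg(5) code and not part of the thread), the script below takes manifest text in an approximated IPS-style `file <hash> path=...` action format, which is an assumption, and checks the named files under an alternate root such as a mounted BE, reporting each path as ok, mismatched or missing; the sample manifest and files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

# Constructed sample in an approximated IPS manifest format: the token after
# "file" is the expected payload hash, followed by key=value attributes.
# Real manifests carry more attributes; only "path" matters here.
SAMPLE_MANIFEST = """\
file {h} path=usr/bin/good mode=0555
file {h} path=usr/bin/tampered mode=0555
file {h} path=usr/bin/missing mode=0555
"""

def parse_file_actions(manifest_text):
    """Yield (expected_hash, relative_path) for each 'file' action."""
    for line in manifest_text.splitlines():
        parts = line.split()
        if not parts or parts[0] != "file":
            continue
        attrs = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        if "path" in attrs:
            yield parts[1], attrs["path"]

def sha1_of(path):
    """Hash a file in chunks; assumption: the manifest hash is plain SHA-1."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_root(manifest_text, root):
    """Check files under `root` against a manifest obtained elsewhere.
    Returns {relative_path: "ok" | "mismatch" | "missing"}."""
    results = {}
    for expected, rel in parse_file_actions(manifest_text):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        else:
            results[rel] = "ok" if sha1_of(full) == expected else "mismatch"
    return results

def demo():
    """Build a constructed alternate root: one intact file, one altered, one absent."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr", "bin"))
    good = b"#!/bin/sh\necho good\n"
    with open(os.path.join(root, "usr", "bin", "good"), "wb") as f:
        f.write(good)
    with open(os.path.join(root, "usr", "bin", "tampered"), "wb") as f:
        f.write(b"#!/bin/sh\necho changed\n")
    return verify_root(SAMPLE_MANIFEST.format(h=hashlib.sha1(good).hexdigest()), root)
```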

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
