> Last I checked, CVE-2007-4559 is still not fixed; and surely not the only
> unfixed (let alone currently unknown) such vulnerability that may suddenly
> become a problem when you switch to a scheme where you need to unpack an
> archive before you can verify the authenticity of its contents.
Ok, I propose the following archive format which is immune from all such classes of attacks:

A gpg --armor crypto-signature of your choice
4 null bytes (just in case we want to extend this scheme; otherwise a single null byte will do)
A base64 of any archive format you want

Can be produced via cat
The signature only covers the base64 contents
The unpacker needs only support the following logic:
Read bytes until you hit the first null and dump contents into ${original_filename}.sig; skip the 4 null bytes and dump the rest of the file into ${original_filename}.contents

You can now use a separate signature to validate a separate file that was distributed as a single file in a format that doesn't contain any logic or condition beyond the null split.

Now the only dangers exist in your signature itself, chain of trust, etc., and I'm not solving that.

-Jeremiah
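The null-split format and the verify-before-decode flow from the message above, as an added Python example (not Jeremiah's code): a producer, the minimal unpacker that only cuts at the first null, and an `extract` step that refuses to base64-decode until a caller-supplied `verify` hook has accepted the signature over the raw base64 text. The `verify` hook, `demo_sign`, `demo_verify` and the constructed key are assumptions; the HMAC is an offline stand-in for the gpg signature, not part of the proposal.

```python
import base64
import hashlib
import hmac

SEPARATOR = b"\x00\x00\x00\x00"  # the four null bytes from the proposal

def pack(armored_sig: bytes, archive: bytes) -> bytes:
    """Producer side: armored signature, four nulls, base64 of any archive."""
    if b"\x00" in armored_sig:
        raise ValueError("an ASCII-armored signature must not contain null bytes")
    return armored_sig + SEPARATOR + base64.b64encode(archive)

def split(blob: bytes) -> tuple[bytes, bytes]:
    """The unpacker's only logic: cut at the first null byte.
    Returns (signature, base64_contents); nothing is decoded or unpacked here."""
    idx = blob.find(b"\x00")
    if idx < 0:
        raise ValueError("no null separator found")
    if blob[idx:idx + 4] != SEPARATOR:
        raise ValueError("separator is not exactly four null bytes")
    return blob[:idx], blob[idx + 4:]

def extract(blob: bytes, verify) -> bytes:
    """Split, verify the signature over the raw base64 text, then decode.
    verify(sig, data) -> bool is caller-supplied (e.g. a wrapper around gpg)."""
    sig, b64 = split(blob)
    if not verify(sig, b64):
        raise ValueError("signature does not verify; contents left undecoded")
    return base64.b64decode(b64, validate=True)

# Constructed stand-in for a real gpg signature so the example runs offline:
# an HMAC over the base64 text under a fixed test key. Not a real signature.
DEMO_KEY = b"constructed-demo-key"

def demo_sign(data: bytes) -> bytes:
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest().encode()

def demo_verify(sig: bytes, data: bytes) -> bool:
    return hmac.compare_digest(sig, demo_sign(data))

def demo_roundtrip() -> bytes:
    """Pack a constructed fake archive, then run the unpacker on the result."""
    archive = b"PK\x03\x04 constructed fake archive bytes"
    blob = pack(demo_sign(base64.b64encode(archive)), archive)
    return extract(blob, demo_verify)
```

Note that `extract` never touches the archive bytes before `verify` returns true, so a malicious archive is rejected while still base64 text.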
