From: Noam Postavsky <npostavs@gmail.com>
To: Stefan Kangas <stefan@marxist.se>
Cc: 19479@debbugs.gnu.org
Subject: bug#19479: Package manager vulnerable
Date: Tue, 05 May 2020 20:55:53 -0400 [thread overview]
Message-ID: <87k11pnap2.fsf@gmail.com> (raw)
In-Reply-To: <CADwFkm=XOkXyZB+SQut4wUq=cJDOyqjfnO3fPk_sG_UK+3qSFA@mail.gmail.com> (Stefan Kangas's message of "Fri, 4 Oct 2019 11:49:54 +0200")
Stefan Kangas <stefan@marxist.se> writes:
> Subject: [PATCH] Support package checksum verification
>
> This is the first step towards protecting users of package.el against
> metadata replay attacks.
> +(define-error 'bad-checksum "Failed to verify checksum")
Would it be useful to have bad-signature and this one share a parent?
(by the way, I kind of wonder why it's not called
package-bad-signature).
> + (cl-flet*
> + ((supported-hashes
> + (lambda ()
Is this a function (rather than a variable) just so it can be in the
same cl-flet* as do-check?
> + (or (seq-filter (lambda (h) (memql (car h) (secure-hash-algorithms)))
The list returned by secure-hash-algorithms includes sha1 and md5. This
is a problem if we're going to rely on signing them. We should at least
plan to have some way of filtering out some functions.
> + (a (cdr hash))
> + (b (secure-hash algorithm (current-buffer))))
> + (when-let ((a (package-desc-size pkg-desc))
> + (b (string-bytes (buffer-string))))
I risk descending into trivial nitpicking, but I think 'a' and 'b' are
bit too generic. Something like 'expected' and 'actual' would make it
harder to mix them up.
> +(defmacro run-verify-checksums-test (verify-checksums checksums)
> + "Run a test for `package-verify-checksums'."
> +(ert-deftest package-test--verify-package-checksums-nil/ignore-invalid ()
I think run-verify-checksums-test should be prefixed with package-test
(whereas the individual test names could be prefixed with just package).
next prev parent reply other threads:[~2020-05-06 0:55 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <qRgJhF1EfrtAmBqmyTLGcOkoyCcHP7kWm6t8KBDxra2@local>
2015-01-01 12:38 ` bug#19479: Package manager vulnerable Kelly Dean
2015-01-04 20:00 ` Stefan Monnier
2015-01-05 1:11 ` Kelly Dean
2015-01-05 2:16 ` Stefan Monnier
2015-01-08 3:31 ` bug#19479: [PATCH] " Kelly Dean
2015-01-08 3:44 ` Glenn Morris
2015-01-08 5:29 ` Kelly Dean
2015-01-08 14:39 ` Stefan Monnier
2015-01-08 21:06 ` Kelly Dean
2015-01-09 2:37 ` Stefan Monnier
2015-01-09 6:59 ` bug#19479: Copyright issue (was: Re: bug#19479: Package manager vulnerable) Kelly Dean
2015-01-09 15:17 ` bug#19479: Copyright issue Stefan Monnier
2015-01-09 15:29 ` David Kastrup
2015-01-09 19:57 ` Kelly Dean
[not found] ` <EitH3yok1Itmynw5Ex1Vi3AuvkREurR1ccm1J5MQD4E@local>
2015-01-09 20:24 ` Glenn Morris
[not found] ` <0etwzzu2gd.fsf@fencepost.gnu.org>
2015-01-09 20:32 ` Glenn Morris
2015-02-24 8:47 ` bug#19479: Emacs package manager vulnerable to replay attacks Kelly Dean
2015-01-11 2:56 ` bug#19479: (on-topic) Re: bug#19479: Package manager vulnerable Kelly Dean
2015-01-20 21:18 ` bug#19479: Disclaimer is now on file at FSF Kelly Dean
2015-02-24 18:11 ` Glenn Morris
2017-09-03 1:10 ` bug#19479: Package manager vulnerable Glenn Morris
2019-10-04 9:49 ` Stefan Kangas
2020-05-06 0:55 ` Noam Postavsky [this message]
2020-09-06 23:59 ` Stefan Kangas
2020-09-07 14:14 ` Noam Postavsky
2020-09-07 18:11 ` Stefan Kangas
2020-11-21 23:51 ` bug#19479: Package manager vulnerable to replay attacks Stefan Kangas
2020-11-26 0:43 ` Stefan Monnier
2020-11-26 2:06 ` Stefan Kangas
2020-11-26 2:30 ` Stefan Monnier
2020-11-26 3:02 ` Stefan Kangas
2020-11-26 3:11 ` Stefan Monnier
2020-11-26 3:56 ` Jean Louis
2020-09-07 17:19 ` bug#19479: Package manager vulnerable Stefan Kangas
2020-09-07 23:54 ` Noam Postavsky
2020-09-08 8:10 ` Stefan Kangas
[not found] <E1Y8Bor-0003yH-Mu@fencepost.gnu.org>
2015-01-06 6:38 ` Kelly Dean
2015-01-07 4:27 ` Richard Stallman
2015-01-08 3:33 bug#19536: [PATCH] package-upload-buffer-internal fails for tar files Kelly Dean
2015-01-08 5:50 ` Stefan Monnier
2015-01-08 7:10 ` Kelly Dean
2015-01-08 11:40 ` bug#19479: Package manager vulnerable Kelly Dean
2015-02-18 1:03 ` bug#19536: package-upload-buffer-internal fails for tar files Kelly Dean
[not found] <0ylhjngoxs.fsf@fencepost.gnu.org>
2015-02-24 23:02 ` bug#19479: Disclaimer is now on file at FSF Kelly Dean
[not found] ` <5j6SB8Hmg5euoiN2VLa1iolGVWZxTvwQ1LnsgFUQiDZ@local>
2015-02-25 21:09 ` Glenn Morris
[not found] ` <yuegpd8zq2.fsf@fencepost.gnu.org>
2017-09-02 12:24 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k11pnap2.fsf@gmail.com \
--to=npostavs@gmail.com \
--cc=19479@debbugs.gnu.org \
--cc=stefan@marxist.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).