From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ivan Shmakov <ivan@siamics.net>
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs package manager vulnerable to replay attacks
Date: Tue, 30 Dec 2014 11:45:13 +0000
Message-ID: <87iogt8ipi.fsf@violet.siamics.net>
References: <qRgJhF1EfrtAmBqmyTLGcOkoyCcHP7kWm6t8KBDxra2@local>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1419939951 8054 80.91.229.3 (30 Dec 2014 11:45:51 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 30 Dec 2014 11:45:51 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Dec 30 12:45:46 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Y5vFB-0005se-Fp
	for ged-emacs-devel@m.gmane.org; Tue, 30 Dec 2014 12:45:45 +0100
Original-Received: from localhost ([::1]:36588 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Y5vFA-0002dv-NS
	for ged-emacs-devel@m.gmane.org; Tue, 30 Dec 2014 06:45:44 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49795)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ivan@siamics.net>) id 1Y5vEr-0002ch-OZ
	for emacs-devel@gnu.org; Tue, 30 Dec 2014 06:45:26 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ivan@siamics.net>) id 1Y5vEq-00029J-EC
	for emacs-devel@gnu.org; Tue, 30 Dec 2014 06:45:25 -0500
Original-Received: from fely.am-1.org ([2a01:4f8:d15:1b86::2]:53124)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ivan@siamics.net>) id 1Y5vEq-00028y-5d
	for emacs-devel@gnu.org; Tue, 30 Dec 2014 06:45:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=siamics.net;
	s=a2013295; 
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:Sender:References:Subject:To:From;
	bh=9/9RFnAyn4T/YtlF9JnyNn74D0gljvWzgsO7zOry+3Y=; 
	b=BQ0Vi5t3mLCYiUQT6lcMu4HCwLZ73BK0+JZSn2nZ4rEfA3vRCHFxpcp5xW7B4u2XkgY3TeOqJy2bbPmx70NWq2LD6+w3WpNEYWn8QR5z4lMN7I3qKuCH4gjSL9KtnHwXo/7JOOOQEEM3v0FNH05jHR9T+a5UUEneE5wnFygoLbA=;
Original-Received: from [2a02:2560:6d4:26ca::1:1d] (helo=violet.siamics.net)
	by fely.am-1.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80) (envelope-from <ivan@siamics.net>) id 1Y5vEn-0005Fg-LP
	for emacs-devel@gnu.org; Tue, 30 Dec 2014 11:45:22 +0000
Original-Received: from localhost ([::1] helo=violet.siamics.net)
	by violet.siamics.net with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80) (envelope-from <ivan@siamics.net>) id 1Y5vEg-00046A-GM
	for emacs-devel@gnu.org; Tue, 30 Dec 2014 18:45:14 +0700
Mail-Followup-To: emacs-devel@gnu.org
In-Reply-To: <qRgJhF1EfrtAmBqmyTLGcOkoyCcHP7kWm6t8KBDxra2@local> (Kelly Dean's
	message of "Tue, 30 Dec 2014 10:42:16 +0000")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a01:4f8:d15:1b86::2
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:180886
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/180886>

>>>>> Kelly Dean <kelly@prtime.org> writes:

[=E2=80=A6]

 > To solve this problem, include a timestamp of archive-contents in
 > that file itself (so that the signature depends on the timestamp),
 > and have Emacs ignore any new archive-contents that's older than the
 > latest valid one that Emacs has already seen or is older than some
 > specified limit (IIRC Debian's apt-get uses a 10-day limit).

	Debian uses an explicit expiration date, as set in the InRelease
	(or Release) file.  Consider, e. g., [1]:

Date: Tue, 30 Dec 2014 08:52:15 UTC
Valid-Until: Tue, 06 Jan 2015 08:52:15 UTC

	For stable releases, Valid-Until: isn=E2=80=99t used (AIUI) [2]; perhaps
	then a fall back value of some kind is used.

[1] http://http.debian.net/debian/dists/jessie/InRelease
[2] http://http.debian.net/debian/dists/wheezy/InRelease

[=E2=80=A6]

 > Fortunately, all four of these features (package hashes, content
 > length, archive timestamps, and archive hash chaining) are
 > straightforward to implement.

	Well, thanks for the heads-up, but could you please file these
	as actual Emacs bug reports, perhaps even separate ones?  I=E2=80=99d
	then try to suggest patches within the next few days.  (Not that
	I=E2=80=99m the only person who could do that, anyway.)

--=20
FSF associate member #7257  http://boycottsystemd.org/  =E2=80=A6 3013 B6A0=
 230E 334A