From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: David Bremner <david@tethera.net>, Carl Worth <cworth@cworth.org>,
Adam Majer <amajer@suse.de>,
notmuch@notmuchmail.org
Subject: Re: [PATCH] build: sign tarball instead of sha256sum
Date: Thu, 14 Mar 2019 18:51:28 -0400 [thread overview]
Message-ID: <87ftrpgjdb.fsf@fifthhorseman.net> (raw)
In-Reply-To: <87lg1kcqg8.fsf@tethera.net>
[-- Attachment #1: Type: text/plain, Size: 2019 bytes --]
On Tue 2019-03-12 07:55:19 -0300, David Bremner wrote:
> David Bremner <david@tethera.net> writes:
>
>> Adam Majer pointed out in [1] the way were signing releases was
>> unusual. Neither Carl nor I could think of a good reason for
>> explicitely signing the checksum (internally of course that's what GPG
>> is going anyway).
>
> It seemed unlikely that there would be much testing for this (but feel
> free!), so I have pushed it. I can fix any glitches during the next
> release.
Sorry to only be getting to this now. I think the original mechanism,
despite being non-standard, is actually a more robust approach, so i
recommend reverting this change.
A detached signature on object X does *not* cover the name of object X.
So for some existing version Y of notmuch, if an attacker takes
notmuch-Y.tgz and notmuch-Y.tgz.asc and renames them both to
notmuch-Z.tgz and notmuch-Z.tgz.asc, they can make it look like a new
version (version Z) of notmuch is available! The only way to detect the
attack is to store a log of timestamps of previous releases, and try to
compare timestamps (though this itself can be confusing and wrong if we
were to maintain multiple branches concurrently). This permits a
"rollback" or "version freeze" attack, which we probably don't want to
encourage.
However, if the thing verified is the output of sha256sum, then the
*filename* of the tarball itself is included, then the standard
verification step will is sufficient to ensure that you've got the right
version in the filename.
In bash, verifying version 0.28.3 would look something like:
set -o pipefail
set -x
wget https://notmuchmail.org/releases/notmuch-0.28.3.tar.gz{,.sha256.asc}
gpgv --keyring ./notmuch-signers.pgp --output - notmuch-0.28.3.tar.gz.sha256.asc | sha256sum -c -
This is resistant to any attacker who manages to place or rename files
on https://notmuchmail.org/releases/.
That's why I support reversion here. Apologies for the delay in
encountering this thread.
Regards,
--dkg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
next prev parent reply other threads:[~2019-03-14 22:51 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-06 10:48 Release signatures Adam Majer
2019-02-10 13:51 ` David Bremner
2019-02-11 23:37 ` Carl Worth
2019-02-13 2:17 ` [PATCH] build: sign tarball instead of sha256sum David Bremner
2019-03-12 10:55 ` David Bremner
2019-03-14 22:51 ` Daniel Kahn Gillmor [this message]
2019-03-15 1:49 ` David Bremner
2019-03-15 8:48 ` Daniel Kahn Gillmor
2019-03-15 1:53 ` Adam Majer
2019-03-15 8:58 ` Daniel Kahn Gillmor
2019-03-15 10:49 ` David Bremner
2019-03-15 13:47 ` Daniel Kahn Gillmor
2019-03-15 13:56 ` David Bremner
2019-03-15 14:50 ` Daniel Kahn Gillmor
2019-03-15 14:30 ` Adam Majer
2019-03-15 16:48 ` Daniel Kahn Gillmor
2019-03-23 11:21 ` [PATCH] build: distribute signed sha256sums Daniel Kahn Gillmor
2019-03-23 12:35 ` [PATCH v2 1/3] build: ensure that SHA256_FILE is built Daniel Kahn Gillmor
2019-03-23 12:35 ` [PATCH v2 2/3] build: distribute signed sha256sums Daniel Kahn Gillmor
2019-03-23 12:35 ` [PATCH v2 3/3] build: Rename GPG_FILE to DETACHED_SIG_FILE Daniel Kahn Gillmor
2019-03-27 21:02 ` [PATCH v2 1/3] build: ensure that SHA256_FILE is built David Bremner
2019-03-15 11:35 ` [PATCH] build: sign tarball instead of sha256sum Adam Majer
2019-03-15 13:37 ` Daniel Kahn Gillmor
2019-03-15 14:18 ` Adam Majer
2019-03-15 13:50 ` David Bremner
2019-03-15 15:35 ` Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftrpgjdb.fsf@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=amajer@suse.de \
--cc=cworth@cworth.org \
--cc=david@tethera.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).