Secure updating/installing of packages
Hello,

theoretically it is possible that modified packages for Linux distributions are made available in order to create backdoors (e.g. through a hacked server or mirror, wrong IP routing / DNS resolving, or simply someone making available manipulated packages at a site under his control).

I wonder how SuSE and other distros protect themselves against this threat. An MD5 only offers protection if, before updating/installation, it is checked against a list of packages and MD5s. However, when updating this list, it has to be made sure that the update comes from a trusted source and that it has not been tampered with.

I have been told that for some Debian packages there is not even an MD5. At Gentoo I'm unsure if the list update is secure. Who knows about SuSE (YOU + Yast)?

Thanks,
Christian
On Jul 20, neodaxus@gmx.net <neodaxus@gmx.net> wrote:
> theoretically it is possible that modified packages for Linux distributions are made available in order to create backdoors (e.g. through a hacked server or mirror, wrong IP routing / DNS resolving, or simply someone making available manipulated packages at a site under his control).
> I wonder how SuSE and other distros protect themselves against this threat. [...] Who knows about SuSE (YOU + Yast)?
All SuSE packages are cryptographically signed with the SuSE build key (build@suse.de). It is automatically installed from the CDs.

In addition to that, fou4s (http://fou4s.gaugusch.at/) allows you to install packages that are signed with fully trusted keys, apart from the SuSE key.

Markus
-- 
__________________           /"\
Markus Gaugusch              \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at         X     Against HTML Mail
                             / \
> All SuSE packages are cryptographically signed with the SuSE build key (build@suse.de). It is automatically installed from the CDs.

But do YOU and Yast check the signature of every package before installing it? Who knows this for sure?

> In addition to that, fou4s (http://fou4s.gaugusch.at/) allows you to install packages that are signed with fully trusted keys, apart from the SuSE key.

What do you mean by fully trusted keys?

Thanks,
Christian
Quoting Christian <neodaxus@gmx.net>:
> > All SuSE packages are cryptographically signed with the SuSE build key (build@suse.de). It is automatically installed from the CDs.
> But do YOU and Yast check the signature of every package before installing it? Who knows this for sure?

I haven't looked at the code, but the program is supposed to, and a quick Google search came up with the following:
http://portal.suse.com/sdb/en/2002/05/swiegra_you-gpg.html
which is in regard to gpg being unable to check the signature and refusing to install the package.

> > In addition to that, fou4s (http://fou4s.gaugusch.at/) allows you to install packages that are signed with fully trusted keys, apart from the SuSE key.
> What do you mean by fully trusted keys?

By default, only SuSE's gpg keys are trusted. If you have another trusted source that also signs its RPMs, then fou4s can import that key. I'm quite certain that fou4s checks every package, as I've used it to install non-SuSE packages. It will refuse to do so unless you give it the command line parameter to ignore gpg keys.
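
The point raised in the first message, that a checksum list only protects if the list itself is authenticated, as an added example that is not part of the thread and is not SuSE or fou4s code. Assumptions: SHA-256 is used in place of MD5, a digest of the list pinned from trusted media stands in for the GPG signature check a real updater performs with the vendor key, and all names and data are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_list(text: bytes) -> dict:
    """Parse 'hexdigest  filename' lines (sha256sum style) into {name: digest}."""
    entries = {}
    for line in text.decode().splitlines():
        if line.strip():
            digest, name = line.split(None, 1)
            entries[name.strip()] = digest
    return entries

def verify(pkg_name, pkg_bytes, list_bytes, pinned_list_digest=None):
    """Return 'ok' or the reason the package must be rejected.

    pinned_list_digest is the trust anchor (assumption: obtained from the
    install media). With None the list is trusted blindly, as it would be
    when fetched from the same mirror as the packages.
    """
    if pinned_list_digest is not None and sha256(list_bytes) != pinned_list_digest:
        return "checksum list not authentic"
    expected = parse_list(list_bytes).get(pkg_name)
    if expected is None:
        return "package not in list"
    if sha256(pkg_bytes) != expected:
        return "package digest mismatch"
    return "ok"

# Constructed sample data: a genuine package and the vendor's checksum list.
GOOD_PKG = b"genuine package contents"
GOOD_LIST = f"{sha256(GOOD_PKG)}  foo-1.0.rpm\n".encode()
PINNED = sha256(GOOD_LIST)  # trust anchor, delivered out of band

# Constructed tampering case: the mirror serves a modified package and a
# regenerated list, so package and list still agree with each other.
BAD_PKG = b"modified package contents"
BAD_LIST = f"{sha256(BAD_PKG)}  foo-1.0.rpm\n".encode()

if __name__ == "__main__":
    name = "foo-1.0.rpm"
    print(verify(name, BAD_PKG, GOOD_LIST))          # caught by the genuine list
    print(verify(name, BAD_PKG, BAD_LIST))           # passes: list came from the same mirror
    print(verify(name, BAD_PKG, BAD_LIST, PINNED))   # caught: list fails authentication
    print(verify(name, GOOD_PKG, GOOD_LIST, PINNED)) # genuine package and list
```

The second call is the case the question describes: a checksum comparison alone accepts the modified package because the list was replaced along with it.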