Posted Dec 21, 2007 7:05 UTC (Fri) by geertj
Parent article: The backdooring of SquirrelMail
The more I read about source code being compromised, the more I am convinced we need technology support (as opposed to procedural support) to prevent any such modifications from being trusted and/or used by anyone. Projects have become so big that manual audits of the source code to look for backdoors become increasingly less effective. For example, if, in the case of this SquirrelMail compromise, the attacker had also updated the checksum, then it may have taken even longer for this to come out.
A good place for implementing such support would in my view be the version control system.
The Monotone version control system identifies files and trees with cryptographically secure fingerprints, and it uses digital signatures to assert arbitrary statements about versions and changes (such as: author so-and-so created this change on so-and-so date). The way I understand it, an attacker could add whatever he wants to a Monotone repository; as long as the primary developers' public keys are not compromised, this will be completely harmless. A similar situation exists for a developer: you can pull whatever changes you want into your local repository database from whatever dodgy site on the net; as long as you have not assigned trust to a particular public key, those changes will be harmless.
I am thinking of switching a few of my open source projects over to Monotone just to see how it works.
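A toy model of the trust scheme described in the comment above, added here as an illustration; it is not code from Monotone and not the commenter's code. Files and trees are identified by content hashes, statements about a tree ("author = geertj") are certs signed by a key, and a reader's database only honours certs whose signature verifies under a key that reader has explicitly trusted. For brevity the model uses SHA-256 and Ed25519 from the Go standard library where Monotone itself uses SHA-1 identifiers and RSA keys; the file paths and contents are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// fileID is the content identifier of a file: the hex digest of its bytes.
// (Toy model: SHA-256 here; Monotone itself uses SHA-1 identifiers.)
func fileID(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// treeID is the identifier of a whole tree: the digest of its manifest, the
// sorted "path id" lines. Any change to any file changes the tree id.
func treeID(files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var manifest strings.Builder
	for _, p := range paths {
		fmt.Fprintf(&manifest, "%s %s\n", p, fileID(files[p]))
	}
	return fileID([]byte(manifest.String()))
}

// Cert is a signed statement "Name = Value" about the tree identified by TreeID.
type Cert struct {
	TreeID string
	Name   string
	Value  string
	Signer ed25519.PublicKey
	Sig    []byte
}

// certMessage is the byte string the signature covers; the NUL separators
// keep "a"+"bc" and "ab"+"c" from producing the same message.
func certMessage(treeID, name, value string) []byte {
	return []byte(treeID + "\x00" + name + "\x00" + value)
}

// signCert creates a cert with the given key (Ed25519 stands in for RSA here).
func signCert(priv ed25519.PrivateKey, treeID, name, value string) Cert {
	return Cert{
		TreeID: treeID, Name: name, Value: value,
		Signer: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, certMessage(treeID, name, value)),
	}
}

// isTrusted reports whether pub is one of the keys the local user trusts.
func isTrusted(pub ed25519.PublicKey, trusted []ed25519.PublicKey) bool {
	for _, t := range trusted {
		if bytes.Equal(t, pub) {
			return true
		}
	}
	return false
}

// trustedCerts keeps only certs whose signature verifies under a trusted key.
// Certs signed by unknown keys, or whose content was altered after signing,
// are dropped: pulling them into the local database does no harm.
func trustedCerts(certs []Cert, trusted []ed25519.PublicKey) []Cert {
	var out []Cert
	for _, c := range certs {
		if !isTrusted(c.Signer, trusted) {
			continue
		}
		if !ed25519.Verify(c.Signer, certMessage(c.TreeID, c.Name, c.Value), c.Sig) {
			continue
		}
		out = append(out, c)
	}
	return out
}

func main() {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := []ed25519.PublicKey{devPub} // the one key this reader trusts

	// Constructed sample trees: the genuine file and an altered copy of it.
	clean := map[string][]byte{"src/login.php": []byte("<?php // genuine\n")}
	altered := map[string][]byte{"src/login.php": []byte("<?php // altered\n")}

	certs := []Cert{
		signCert(devPriv, treeID(clean), "author", "geertj"),
		signCert(attackerPriv, treeID(altered), "author", "geertj"), // unknown key
	}
	for _, c := range trustedCerts(certs, trusted) {
		fmt.Printf("trusted: %s=%s on tree %s\n", c.Name, c.Value, c.TreeID[:12])
	}
}
```

Running it prints a single trusted cert, the developer's, on the clean tree. The attacker's cert carries the same "author = geertj" claim but is signed by a key nobody has trusted, so it is ignored; and because the tree id is a hash of every file, the developer's genuine cert cannot be transplanted onto a modified tree either, which is the point the comment makes about a tampered tarball whose checksum was also updated.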