Verifying an OpenPGP detached signature would be more reliable for package maintainers though since they would quickly develop a history. It's the same rationale as web browser add-ons that alert you when the SSL cert for a site you visit _changes_ on the basis that it's far more likely bad guys will attempt a MitM attack somewhere between your 1st and Nth visit than before the 1st visit.
This seems like it's worth building into package building automation. "Download new source" should be "Download, verify as authentic and refuse to continue if not" for every package that provides detached signatures. This would require explicit intervention if the author (or rather signer) changes, but that is a significant event of which the maintainer certainly should be aware.
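One way to implement the "download, verify, refuse if the signer changes" step described above, as an added example that is not code from the comment or from any distribution's build tooling: the script runs the real `gpg` binary with `--status-fd`, parses its machine-readable status lines for a valid signature, and then pins the signing key's fingerprint per package in a small JSON store. The first signer seen for a package is recorded; any later change is refused so a maintainer has to intervene. The store path, the `signer-pins.json` format, the package name and the sample status output are assumptions made for this example.

```python
"""Trust-on-first-use pinning of the OpenPGP signer for upstream tarballs.

Added example for build automation; not code from the comment thread above.
The gpg invocation is real; the pin-store layout ({package: fingerprint}
in signer-pins.json) and the sample status output are assumptions.
"""
import json
import subprocess
from pathlib import Path
from typing import Dict, Optional, Tuple

PIN_STORE = Path("signer-pins.json")  # assumption: {package: primary-key fingerprint}

# gpg status keywords that mean the signature must not be accepted.
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG", "EXPSIG"}

# Constructed sample of what `gpg --status-fd 1 --verify` prints for a good
# signature made by a signing subkey; fingerprints are made up for the example.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Upstream <upstream@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2011-07-05 1309870000 0 4 0 1 10 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def run_gpg_verify(tarball: Path, sig: Path, keyring: Optional[Path] = None) -> str:
    """Run gpg on a detached signature and return its status-fd output (stdout)."""
    cmd = ["gpg", "--batch", "--status-fd", "1", "--verify", str(sig), str(tarball)]
    if keyring is not None:
        # Restrict verification to a keyring the build system controls.
        cmd[1:1] = ["--no-default-keyring", "--keyring", str(keyring)]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout


def parse_gpg_status(status_text: str) -> Optional[str]:
    """Return the signer's primary-key fingerprint if gpg reported a good signature.

    A good signature yields GOODSIG plus VALIDSIG. VALIDSIG's first argument is
    the fingerprint of the key that made the signature (possibly a subkey); its
    optional last argument is the primary key fingerprint, which is the stable
    identity worth pinning. Any failure keyword aborts immediately.
    """
    fingerprint = None
    good = False
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        keyword = fields[1]
        if keyword in FAILURE_KEYWORDS:
            return None
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG":
            # Prefer the primary key fingerprint (field 11) over the signing subkey.
            fingerprint = fields[11] if len(fields) > 11 else fields[2]
    return fingerprint if good else None


def enforce_pin(package: str, fingerprint: str, pins: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Apply trust-on-first-use to the signer; returns (verdict, updated pins).

    'first-seen'     : no pin yet, record this signer (worth a log line for review)
    'ok'             : signer matches the pin
    'signer-changed' : refuse; a maintainer must explicitly accept the new signer
    """
    pinned = pins.get(package)
    if pinned is None:
        return "first-seen", {**pins, package: fingerprint}
    if pinned.upper() == fingerprint.upper():
        return "ok", pins
    return "signer-changed", pins


def check_package(package: str, tarball: Path, sig: Path, pins_path: Path = PIN_STORE) -> bool:
    """Verify a downloaded tarball and enforce the signer pin; True means 'safe to build'."""
    pins = json.loads(pins_path.read_text()) if pins_path.exists() else {}
    fingerprint = parse_gpg_status(run_gpg_verify(tarball, sig))
    if fingerprint is None:
        print(f"{package}: detached signature did not verify; refusing to continue")
        return False
    verdict, pins = enforce_pin(package, fingerprint, pins)
    if verdict == "signer-changed":
        print(f"{package}: signer changed from {pins[package]} to {fingerprint}; refusing to continue")
        return False
    if verdict == "first-seen":
        print(f"{package}: recording first-seen signer {fingerprint}")
        pins_path.write_text(json.dumps(pins, indent=2, sort_keys=True))
    return True


if __name__ == "__main__":
    # Offline demonstration of the policy on the constructed status output.
    fpr = parse_gpg_status(SAMPLE_STATUS)
    print("first download :", enforce_pin("example-pkg", fpr, {})[0])
    print("same signer    :", enforce_pin("example-pkg", fpr, {"example-pkg": fpr})[0])
    print("new signer     :", enforce_pin("example-pkg", "0000" * 10, {"example-pkg": fpr})[0])
```

`gpg --verify` reports GOODSIG even for a key it does not trust (note `TRUST_UNDEFINED` in the sample), which is exactly why the pin, and not gpg's web-of-trust state, is what decides whether the build proceeds. Deleting a package's entry from `signer-pins.json` is the explicit maintainer action that accepts a new signer.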
Posted Jul 5, 2011 13:04 UTC (Tue) by drag (subscriber, #31333)
Plus it's very important to make sure that the servers that have the hash/signature/keyrings are going to be different from the ones that manage the packages.
You don't want one server compromise to allow the attacker to not only upload his own package, but sign it also.