Robert Ransom <rransom.8774@xxxxxxxxx> wrote:

> On 2012-03-02, Andrew Lewman <andrew@xxxxxxxxxxxxx> wrote:
>
> > The trick is, I like to think I know what I'm doing and that I'll
> > notice if apt-get or my VM image fails to transfer untouched. Whether
> > I'll actually notice a sophisticated exploit in deb packages or my vm
> > image modified in perfect way that gpg or sha256 hashes don't detect,
> > remains to be seen. If I pulled a random person out of a barcamp and
> > asked them to do an OS X or Windows update over transparently proxied
> > tor, would they notice if the package was modified in transit? What do
> > these OSes do in this case? What about freebsd ports?
>
> Every FreeBSD port's list of distfiles includes hashes and sizes of
> each distfile to be downloaded. If I remember correctly, the only
> required hash is SHA-256.

Of course this only helps if you are actually building the packages from source, something the "random person out of a barcamp" probably doesn't do. The official packages are neither signed nor transferred securely when using pkg_add -r. It's my impression that signed packages aren't a priority for the BSDs in general.

> portaudit downloads, ungzips and untars an unsigned file as root, then
> parses a text file extracted from what was hopefully a tarball in a
> shell script run (unnecessarily) as root. Sucks to be a FreeBSD user.

While there's no need to run portaudit as root, I agree that a signed auditfile.tbz would be preferable.

> But apt uses GPG (run with (necessarily) root privileges) to verify
> the files it downloads. Sucks to be a Debian user when someone finds
> another code-exec bug in GPG's parsing code.

I don't see why apt absolutely has to run a gpg with root privileges. If it really does it, it seems more like an implementation detail than a necessity.

Fabian
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk