[Dev] Bug #567 has significant security impact on binaries
Michał Masłowski
mtjm at mtjm.eu
Sat Jun 27 15:54:00 GMT 2015

> The package will be compiled, and immediately signed with the packager's
> key during compile process.

This isn't nice for batch builds: user leaves the computer building for
hours, then runs librerelease, inputs the GPG passphrase for pinentry,
gpg-agent will cache it for a short time.

> 1) Someone or something could modify the package while it's sitting
> around waiting to be uploaded on the packager's computer.

If the developer changes file permissions so others can write to their
files, and has malicious local users or sufficient remotely-exploitable
vulnerabilities, there are much bigger problems.

> 2) If librerelease is signing binaries only, what is to prevent someone
> from taking a random modified binary and pushing it to the main repo
> with their key?

This can be solved only by not having the developers build and upload
anything to the repo.