On 07/02/2017 07:01 PM, Ismael Bouya wrote: > (Mon, Jul 03, 2017 at 12:29:44AM +0200) Morten Linderud : >> But HTTPS doesnt matter here. We have a trusted signer inn the PKGBUILD, >> anyone can MITM for the good of their life. >> Unless they can fake the signature (Hint; they cant), or trick Lennart into >> signing something he shouldnt (Hint; he >> wont), we don't have a case here. It doesn't really matter if its HTTP or >> HTTPS. >> >> You also didn't really reply about the threat model. > > If I understand correctly what Nicohood meant, > what could happen is that version X of systemd (or anything else) has a > well known vulnerability, fixed in X+1. X+1 is packaged, so anyone > up to date thinks "good I'm safe now". But since a man in the middle can > force to download version X (signed by the systemd maintainer so > considered "secure"), he can force you to download that version when you > create the package and you'll think you have the safe version while > having the unsafe one.
Okay, this I am genuinely curious about.
In what circumstances can I have:
- the systemd repository cloned over the git:// protocol
- an annotated tag for systemd v233 signed by Lennart Poettering.
- an annotated tag for systemd v232 signed by Lennart Poettering.
- a man in the middle attack
- `git verify-tag --raw v233` reports a GOODSIG with a VALIDSIG
${fingerprint} that matches with Lennart's known GPG fingerprint as
recorded in validpgpkeys
And as a result, when I run the git command `git checkout
refs/tags/v233`, I am tricked into getting v232 instead which contains a
vulnerability. Also, I wouldn't be alerted by the verbose printing of
the systemd version which happens during the boot process, nor by
$systemd_binary --version
...
Because I don't think git works that way, but I am willing to be proven
wrong. Also I bet the git developers would be fascinated to hear the
details, you might even get some sort of bounty for successfully hacking
git like that.
--
Eli Schwartz
signature.asc
Description: OpenPGP digital signature
