Automatic update of core + potential for malicious code getting uploaded to the source repos = very nice recipe for taking over a huge amount of the web!

WordPress and Debian have both had bad stuff uploaded to their repositories. It could happen to Drupal too. For that reason alone I think auto-updating is a really bad idea -- it makes for a very nice target for an attacker!

Here's how an attack might play out:

1. Attacker plants some keylogger on a core committer's machine, captures their credentials.
2. Attacker builds an exploit and uploads it to Core, immediately before the default update check time for sites set to UTC or some large time zone.
3. All sites configured for auto-update download the new exploit.
4. Exploit changes the update source to their own malicious repository.
5. Millions of exploited web sites are now at the attacker's disposal -- done right, huge numbers of site admins would never realize their sites were compromised.

This would not be difficult to do -- all you need to do is get the credentials for one person with appropriate access. And while it would certainly be discovered and caught, it could do some pretty widespread damage in a short amount of time, and leave a bunch of compromised sites out there available to do far more damage than your ordinary Windows bot-net...

Ugh. No thanks.

Cheers,
John Locke
http://freelock.com

On 09/01/2011 11:03 AM, Gaelan Bright Steele wrote:
> I see. I got the idea from WordPress, which knows how to automatically update
> itself.
> On Sep 1, 2011, at 10:46 AM, Todd wrote:
>
>> If you have drush, you can run `drush pm-update` to automatically update
>> core and contrib.
>>
>> I'm not sure if I'd build in automatic updating of core in Drupal, though,
>> since it's a bit more complex than updating a module and many more things
>> can go wrong.
>>
>> Todd
>>
>> On 1 Sep 2011, at 13:36, Gaelan Bright Steele wrote:
>>
>>> Hi Everybody
>>> Has anyone thought about automatic updates/upgrades to the Drupal core? If
>>> not, I would implement it. Excuse me if there is already a conversation
>>> going on about this--I am new here.
>>> Gaelan
>>>
> Sincerely,
> Gaelan
>
>

--
John Locke
Manager, Freelock Computing
The Open Source for Business Solutions
http://www.freelock.com
[email protected]
206-579-4836
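As an added defender-side example, not code from this thread or from Drupal itself: a Go sketch of the two controls that address the scenario John describes, a release signing key that is kept offline and separate from any committer's login credentials (so stolen credentials alone cannot produce a valid release), and an update client that refuses any manifest attempting to change its pinned update source (step 4 of the scenario). The Manifest format, function names and URLs are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Manifest is a constructed release descriptor for this example, not Drupal's real update format.
type Manifest struct {
	Version      string `json:"version"`
	UpdateSource string `json:"update_source"`
}

var ErrBadSignature = errors.New("manifest signature does not verify")
var ErrSourceChanged = errors.New("manifest tries to change the pinned update source")

// NewReleaseKey makes the Ed25519 release signing key pair: generated once, kept offline,
// and separate from any committer's login credentials, so stolen credentials alone cannot sign.
func NewReleaseKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignManifest is the release step; it returns the manifest bytes and their signature.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (payload, sig []byte) {
	payload, _ = json.Marshal(m)
	return payload, ed25519.Sign(priv, payload)
}

// VerifyManifest is the client step: accept a release only if the pinned release key
// signed it AND it still names the pinned update source, so no payload can redirect
// the site to a different repository (step 4 of the scenario in the thread).
func VerifyManifest(pub ed25519.PublicKey, pinned string, payload, sig []byte) (*Manifest, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(payload, &m); err != nil {
		return nil, err
	}
	if m.UpdateSource != pinned {
		return nil, ErrSourceChanged
	}
	return &m, nil
}
```

The public key and the update source are baked into the client, so a payload downloaded from the update server can neither substitute its own key nor move the site to another repository.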
