On 26 January 2018 at 00:21, Robin H. Johnson <robb...@gentoo.org> wrote:
> On Thu, Jan 25, 2018 at 11:55:58PM +0200, Alon Bar-Lev wrote:
>> I did not look into the detailed implementation, however, please
>> make sure integrity check handles the same cases we have applied to
>> emerge-webrsync in the past, including:
> Gemato is the implementation of GLEP74/MetaManifest, which DOES
> explicitly address both of these concerns.

Good!
Thanks.

>
>> 1. Fast forward only in time, this is required to prevent a hacker from
>> redirecting to an older portage to install vulnerabilities that were
>> approved at that time.
> Replay attacks per #1 are addressed via TIMESTAMP field in MetaManifest.

Interesting, I tried again to understand how it is working without
performing rsync to a temporary directory, compare the timestamp and
reject if unexpected.
Are we doing multiple rsync for the metadata?
Long since I used this insecure rsync...

For me it seems like webrsync and/or squashfs are much easier/faster
to apply integrity into than rsync... :)

Regards,
Alon
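
The fast-forward-only rule from point 1, as an added example that is not part of the original message and is not gemato's or Portage's code. It assumes the TIMESTAMP value has the form YYYY-MM-DDThh:mm:ssZ in UTC and that the Manifest's signature was verified beforehand; the function names and sample Manifests are hypothetical.

```python
from datetime import datetime, timezone

# Assumed layout of the TIMESTAMP value: ISO 8601, UTC, second precision.
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

class RollbackError(Exception):
    """The offered tree is older than the one already accepted."""

def manifest_timestamp(manifest_text):
    """Return the single TIMESTAMP entry of a Manifest as an aware datetime."""
    found = []
    for line in manifest_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "TIMESTAMP":
            if len(fields) != 2:
                raise ValueError("malformed TIMESTAMP entry: %r" % line)
            ts = datetime.strptime(fields[1], TS_FORMAT)
            found.append(ts.replace(tzinfo=timezone.utc))
    # Zero entries gives nothing to compare; several would be ambiguous.
    if len(found) != 1:
        raise ValueError("expected one TIMESTAMP entry, found %d" % len(found))
    return found[0]

def check_fast_forward(new_manifest, last_accepted):
    """Accept a Manifest only if it does not move the tree back in time.

    Assumes the caller has already verified the Manifest's signature;
    an unsigned timestamp can be set to anything by whoever serves it.
    last_accepted is None on the first sync.
    """
    offered = manifest_timestamp(new_manifest)
    if last_accepted is not None and offered < last_accepted:
        raise RollbackError("offered tree %s is older than accepted tree %s"
                            % (offered.isoformat(), last_accepted.isoformat()))
    return offered  # caller stores this as the new last_accepted

# Constructed sample Manifests (not taken from a real tree).
OLD = "TIMESTAMP 2018-01-20T10:00:00Z\nIGNORE distfiles\n"
NEW = "TIMESTAMP 2018-01-25T21:55:58Z\nIGNORE distfiles\n"

if __name__ == "__main__":
    accepted = check_fast_forward(OLD, None)
    accepted = check_fast_forward(NEW, accepted)   # newer: accepted
    try:
        check_fast_forward(OLD, accepted)          # replayed old tree
    except RollbackError as exc:
        print("rejected:", exc)
```

The stored value has to live outside the synced tree, otherwise the replayed tree would overwrite it along with everything else.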
