From: Glen Barber
To: Nathan Dorfman
Cc: freebsd-security@freebsd.org
Date: Mon, 27 Jan 2020 16:42:01 +0000
Subject: Re: Cryptographic signatures of installer sets
Message-ID: <20200127164201.GB9584@FreeBSD.org>
In-Reply-To: <20200125200007.GA11@rtfm.net>

On Sat, Jan 25, 2020 at 08:00:07PM +0000, Nathan Dorfman wrote:
> Hello all,
>
> I really hope I'm missing something here, and we can all have a nice
> chuckle at my expense.
>
> But I can't see any way the integrity of the installer sets (base.txz,
> kernel.txz and friends) can be verified cryptographically? There is a
> MANIFEST file containing SHA256 checksums, but it itself does not appear
> to be signed in any way.
>
> The installer images do come with PGP-signed checksums. So, when using
> an image that already contains all the sets, one can be sure they are
> authentic. What happens when one uses a network-only installer, though?
> How can it authenticate the sets it downloads from the user's chosen
> mirror?
>
> A cursory glance at src/usr.sbin/bsdinstall suggests that it does not,
> in fact, do that. Checksums are compared against the MANIFEST (in
> scripts/checksum), but that is itself simply downloaded from the same
> mirror (in scripts/jail), usually over plain FTP, without any
> authentication.
>

No, this last part is not true. The installer always verifies the
checksums against /usr/freebsd-dist/MANIFEST on the installation medium.
In particular, this was done in r293223, where the LOCAL_DISTRIBUTIONS
variable explicitly contains the MANIFEST.
Glen
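The disagreement in the thread is about where the MANIFEST that the checksum step trusts comes from. The POSIX sh script below is an added illustration, not bsdinstall's own scripts/checksum and not code from either poster: it reimplements the comparison with hypothetical helper names (sha256_of, manifest_line, verify_set, demo), builds a constructed set and MANIFEST in a temporary directory, and walks through three cases. A set that matches the medium's MANIFEST passes, a modified set is rejected, and a MANIFEST regenerated alongside the modified set on the same "mirror" passes, which is exactly why the MANIFEST has to come from the signed installation medium. The tab-separated MANIFEST layout (name, sha256, file count, short name, quoted description, default) is assumed from the published sets; sha256_of uses sha256(1) on FreeBSD and falls back to sha256sum(1) elsewhere.

```shell
#!/bin/sh
# Added example, not bsdinstall's code. Hypothetical helper names throughout.

# SHA-256 of a file; FreeBSD ships sha256(1), GNU userlands ship sha256sum(1).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

TAB=$(printf '\t')

# Emit one MANIFEST line in the assumed layout:
# name<TAB>sha256<TAB>nfiles<TAB>shortname<TAB>"description"<TAB>default
manifest_line() {
    printf '%s\t%s\t%s\t%s\t"%s"\t%s\n' "$1" "$2" "$3" "$4" "$5" "$6"
}

# verify_set MANIFEST DISTDIR SETNAME
# Returns 0 when the set's SHA-256 equals the MANIFEST entry, 1 otherwise
# (a missing entry counts as a failure, never as "nothing to check").
verify_set() {
    _manifest=$1; _distdir=$2; _set=$3
    _expected=$(awk -F "$TAB" -v n="$_set" '$1 == n { print $2 }' "$_manifest")
    if [ -z "$_expected" ]; then
        echo "no MANIFEST entry for $_set" >&2
        return 1
    fi
    _actual=$(sha256_of "$_distdir/$_set")
    if [ "$_actual" != "$_expected" ]; then
        echo "checksum mismatch for $_set" >&2
        return 1
    fi
    return 0
}

# Constructed scenario: a "medium" directory holding the authoritative
# MANIFEST and a "mirror" directory holding the downloaded set.
# Returns 0 only if all three cases behave as described in the lead-in.
demo() {
    _tmp=$(mktemp -d) || return 1
    mkdir "$_tmp/medium" "$_tmp/mirror"
    printf 'pretend this is base.txz\n' > "$_tmp/mirror/base.txz"
    manifest_line base.txz "$(sha256_of "$_tmp/mirror/base.txz")" 1 base \
        "Base system (MANDATORY)" on > "$_tmp/medium/MANIFEST"

    # 1. The untouched set verifies against the medium's MANIFEST.
    verify_set "$_tmp/medium/MANIFEST" "$_tmp/mirror" base.txz || return 1

    # 2. A modified set on the mirror is rejected by the medium's MANIFEST.
    printf 'extra bytes\n' >> "$_tmp/mirror/base.txz"
    if verify_set "$_tmp/medium/MANIFEST" "$_tmp/mirror" base.txz 2>/dev/null; then
        return 1
    fi

    # 3. A MANIFEST served by the same mirror can simply be regenerated to
    #    match the modified set, so the check passes and proves nothing.
    manifest_line base.txz "$(sha256_of "$_tmp/mirror/base.txz")" 1 base \
        "Base system (MANDATORY)" on > "$_tmp/mirror/MANIFEST"
    verify_set "$_tmp/mirror/MANIFEST" "$_tmp/mirror" base.txz || return 1

    rm -rf "$_tmp"
    return 0
}

demo && echo "all three MANIFEST cases behaved as expected"
```

The third case is the one Nathan's message worried about: a hash comparison is only as trustworthy as the channel the hash list arrived over, so the defence is the one Glen describes, keeping the MANIFEST on the medium whose checksums are themselves PGP-signed, rather than any change to the comparison itself.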