Date: Wed, 30 Nov 2005 05:33:51 +1100
From: Peter Jeremy <PeterJeremy@optushome.com.au>
To: aristeu <suporte@wahtec.com.br>
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust
Message-ID: <20051129183351.GB32006@cirb503493.alcatel.com.au>
In-Reply-To: <002601c5f4fa$b5115320$e403000a@rickderringer>
References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer>

On Tue, 2005-Nov-29 13:36:31 -0200, aristeu wrote:
>I think the only problem that exists is the package/ports deployment. I
>believe we can't trust only on hashes for this (tar already does a fine job
>on integrity...), because it can be easily circumvented.

Can you explain what you mean here?  Virtually all distfiles needed to
build a port have MD5 and maybe SHA-256 hashes embedded in the ports
tree.  The only way to easily circumvent these is to subvert the ports
tree - which gets back to the issue of trusting the FreeBSD
distribution.

I agree that there's currently no integrity checking on packages.
(And, BTW, tar has no integrity checks).

>One thing that could do a good job is default install gnupg and pre-install
>some important pgp public keys on ISOs releases, on root's profile...
...
>My mom used to say "always prefer the pre-installed pub keys...".

I don't believe this solves anything.  The biggest problem is ensuring
that you can trust your initial keyring or root certificate
collection.  Putting "trusted" keys on an ISO only gives you circular
trust - you trust that the ISO image came from the people who made it.
There's no easy way to verify that it came from the FreeBSD Project.

The FreeBSD project also discourages the inclusion of GPL code in the
base system, making gnupg unattractive as a base system candidate.

Finally, PGP does not have the concept of "important" keys - this is
closer to the X.509 model.  The base system already includes tools for
handling X.509 signatures (openssl) and there is already a collection
of X.509 keys embedded in the ports system (security/ca-roots).

-- 
Peter Jeremy
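
Added example, not part of the original message and not FreeBSD's own code: a sketch of the distfile check discussed above, verifying a file against hash records in the `ALGO (file) = value` layout used by ports distinfo files, and showing that a replaced record passes the same check. The file name, sample bytes and helper names are constructed for illustration.

```python
import hashlib
import re

# distinfo-style line: "SHA256 (foo-1.0.tar.gz) = <hex digest>"
LINE_RE = re.compile(r"^(MD5|SHA256|SIZE) \((.+)\) = (\S+)$")
DIGESTS = {"MD5": hashlib.md5, "SHA256": hashlib.sha256}

def parse_distinfo(text):
    """Return {filename: {field: value}} from distinfo-style text."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            field, name, value = m.groups()
            entries.setdefault(name, {})[field] = value.lower()
    return entries

def verify_distfile(name, data, entries, required="SHA256"):
    """Check data against every recorded field; return a list of failures."""
    recorded = entries.get(name)
    if recorded is None:
        return ["no distinfo entry for " + name]
    failures = [] if required in recorded else ["missing required %s entry" % required]
    for field, expected in recorded.items():
        actual = str(len(data)) if field == "SIZE" else DIGESTS[field](data).hexdigest()
        if actual != expected:
            failures.append(field + " mismatch")
    return failures

def make_distinfo(name, data):
    """Build a constructed distinfo record for sample data (demo helper)."""
    rows = [("MD5", hashlib.md5(data).hexdigest()),
            ("SHA256", hashlib.sha256(data).hexdigest()),
            ("SIZE", str(len(data)))]
    return "\n".join("%s (%s) = %s" % (f, name, v) for f, v in rows)

if __name__ == "__main__":
    # Constructed sample: a stand-in distfile and a modified copy of it.
    name = "sample-1.0.tar.gz"
    good = b"constructed sample distfile contents\n"
    tampered = good + b"bytes changed after the record was made\n"
    info = parse_distinfo(make_distinfo(name, good))
    print(verify_distfile(name, good, info))      # no failures
    print(verify_distfile(name, tampered, info))  # every field mismatches
    # If the record itself is replaced, the modified file verifies cleanly:
    # the check is only as trustworthy as the tree that carries the hashes.
    forged = parse_distinfo(make_distinfo(name, tampered))
    print(verify_distfile(name, tampered, forged))
```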