From owner-freebsd-security@freebsd.org Sun Jan 26 07:37:04 2020
Return-Path:
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C7620233116 for ; Sun, 26 Jan 2020 07:37:04 +0000 (UTC) (envelope-from ndorf@rtfm.net)
Received: from iad1-shared-relay2.dreamhost.com (iad1-shared-relay2.dreamhost.com [208.113.157.41]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4854TC5k30z4gDC for ; Sun, 26 Jan 2020 07:37:03 +0000 (UTC) (envelope-from ndorf@rtfm.net)
Received: from iad1-shared-relay1.dreamhost.com (iad1-shared-relay1.dreamhost.com [208.113.157.50]) by iad1-shared-relay2.dreamhost.com (Postfix) with ESMTP id 6FB9246DD43 for ; Sat, 25 Jan 2020 11:38:18 -0800 (PST)
Received: from cloudburst.dreamhost.com (cloudburst.dreamhost.com [66.33.212.129]) by iad1-shared-relay1.dreamhost.com (Postfix) with ESMTP id E3390B40066 for ; Sat, 25 Jan 2020 11:33:56 -0800 (PST)
Received: by cloudburst.dreamhost.com (Postfix, from userid 10401829) id BF00F86E; Sat, 25 Jan 2020 11:33:56 -0800 (PST)
Date: Sat, 25 Jan 2020 19:33:55 +0000
From: Nathan Dorfman
To: freebsd-security@freebsd.org
Subject: Cryptographic signatures of installer sets
Message-ID: <20200125193355.GA7@rtfm.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Rspamd-Queue-Id: 4854TC5k30z4gDC
X-Spamd-Bar: +++
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of ndorf@rtfm.net does not designate 208.113.157.41 as permitted sender) smtp.mailfrom=ndorf@rtfm.net
X-Spamd-Result: default: False [3.94 / 15.00]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.41)[0.413,0]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_LONG(0.09)[0.092,0]; RCVD_IN_DNSWL_NONE(0.00)[41.157.113.208.list.dnswl.org : 127.0.5.0]; RBL_SENDERSCORE(2.00)[41.157.113.208.bl.score.senderscore.com]; DMARC_NA(0.00)[rtfm.net]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:26347, ipnet:208.113.128.0/17, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.54)[ip: (1.92), asn: 26347(0.83), country: US(-0.05)]
X-Mailman-Approved-At: Sat, 01 Feb 2020 22:42:56 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 26 Jan 2020 07:37:04 -0000

Hello all,

I really hope I'm missing something here, and we can all have a nice chuckle at my expense. But I can't see any way the integrity of the installer sets (base.txz, kernel.txz and friends) can be verified cryptographically? There is a MANIFEST file containing SHA256 checksums, but it itself does not appear to be signed in any way.

The installer images do come with PGP-signed checksums. So, when using an image that already contains all the sets, one can be sure they are authentic.

What happens when one uses a network-only installer, though? How can it authenticate the sets it downloads from the user's chosen mirror?

A cursory glance at src/usr.sbin/bsdinstall suggests that it does not, in fact, do that. Checksums are compared against the MANIFEST (in scripts/checksum), but that is itself simply downloaded from the same mirror (in scripts/jail), usually over plain FTP, without any authentication.

Thanks,
-nd.
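The following is an added illustration of the trust problem the message describes; it is not code from the message, nor from FreeBSD's bsdinstall. It models the two cases in Python: a checker that, like scripts/checksum, trusts whatever MANIFEST arrives from the mirror, and a checker that first binds the MANIFEST to a digest obtained over a trusted channel (a stand-in for a PGP signature verified against a pinned key). Assumptions: the installer sets are constructed in-memory byte strings rather than real base.txz/kernel.txz files, the tab-separated MANIFEST field layout (filename, sha256, file count, short name, description, default selection) follows the FreeBSD release format, and the file counts and descriptions are made up.

```python
import hashlib
import hmac

# Constructed stand-ins for the installer sets; not real FreeBSD data.
SETS = {
    "base.txz": b"constructed base set contents",
    "kernel.txz": b"constructed kernel set contents",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, the same hash the MANIFEST records."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(sets: dict) -> str:
    """Emit a MANIFEST in the tab-separated layout bsdinstall consumes.

    Fields: filename, sha256, file count, short name, description, default
    selection.  File counts and descriptions here are constructed.
    """
    lines = []
    for name, data in sets.items():
        short = name.split(".")[0]
        lines.append(f'{name}\t{sha256_hex(data)}\t0\t{short}\t"{short} set"\ton')
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> dict:
    """Return {filename: sha256hex} from MANIFEST text, rejecting short lines."""
    expected = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) < 2:
            raise ValueError(f"malformed MANIFEST line: {line!r}")
        expected[fields[0]] = fields[1].lower()
    return expected


def check_sets(manifest_text: str, sets: dict) -> bool:
    """What a mirror-trusting check does: compare each set against the MANIFEST.

    Passes whenever the sets and MANIFEST agree, regardless of where either came from.
    """
    expected = parse_manifest(manifest_text)
    return all(
        name in expected and hmac.compare_digest(expected[name], sha256_hex(data))
        for name, data in sets.items()
    )


def check_sets_with_pinned_manifest(manifest_text: str, sets: dict, pinned_sha256: str) -> bool:
    """Only use the MANIFEST once it matches a digest learned over a trusted channel.

    The pinned digest stands in for verifying a detached signature with a
    pinned release key; either way the MANIFEST must be authenticated before
    any set checksum in it is believed.
    """
    if not hmac.compare_digest(sha256_hex(manifest_text.encode()), pinned_sha256):
        return False
    return check_sets(manifest_text, sets)


def demo() -> dict:
    """Genuine sets versus a mirror that serves an altered set with a regenerated MANIFEST."""
    genuine_manifest = build_manifest(SETS)
    pinned = sha256_hex(genuine_manifest.encode())  # obtained out of band, not from the mirror

    altered = dict(SETS)
    altered["base.txz"] = b"altered base set contents"
    altered_manifest = build_manifest(altered)  # consistent with the altered set

    return {
        "genuine_naive": check_sets(genuine_manifest, SETS),
        "altered_naive": check_sets(altered_manifest, altered),
        "genuine_pinned": check_sets_with_pinned_manifest(genuine_manifest, SETS, pinned),
        "altered_pinned": check_sets_with_pinned_manifest(altered_manifest, altered, pinned),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'pass' if ok else 'FAIL'}")
```

The "altered_naive" case is the point of the message: when the MANIFEST travels over the same unauthenticated channel as the sets, a self-consistent pair passes the checksum comparison, so the check detects transfer corruption but not substitution. Only the pinned variant, whose root of trust does not come from the mirror, rejects the altered pair.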