Date:      Mon, 27 Jan 2020 16:42:01 +0000
From:      Glen Barber <gjb@freebsd.org>
To:        Nathan Dorfman <na@rtfm.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Cryptographic signatures of installer sets
Message-ID:  <20200127164201.GB9584@FreeBSD.org>
In-Reply-To: <20200125200007.GA11@rtfm.net>
References:  <20200125200007.GA11@rtfm.net>



On Sat, Jan 25, 2020 at 08:00:07PM +0000, Nathan Dorfman wrote:
> Hello all,
>
> I really hope I'm missing something here, and we can all have a nice
> chuckle at my expense.
>
> But I can't see any way the integrity of the installer sets (base.txz,
> kernel.txz and friends) can be verified cryptographically? There is a
> MANIFEST file containing SHA256 checksums, but it itself does not appear
> to be signed in any way.
>
> The installer images do come with PGP-signed checksums. So, when using
> an image that already contains all the sets, one can be sure they are
> authentic. What happens when one uses a network-only installer, though?
> How can it authenticate the sets it downloads from the user's chosen
> mirror?
>
> A cursory glance at src/usr.sbin/bsdinstall suggests that it does not,
> in fact, do that. Checksums are compared against the MANIFEST (in
> scripts/checksum), but that is itself simply downloaded from the same
> mirror (in scripts/jail), usually over plain FTP, without any
> authentication.
>

No, this last part is not true.  The installer always verifies the
checksums against /usr/freebsd-dist/MANIFEST on the installation medium.

In particular, this was done in r293223, where the LOCAL_DISTRIBUTIONS
variable explicitly contains the MANIFEST.

Glen





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200127164201.GB9584>
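
The check this thread discusses, comparing each downloaded set against a MANIFEST taken from the installation medium rather than from the mirror, is sketched below as an added example; it is not bsdinstall code and not part of the original message. The function names are hypothetical, and the MANIFEST layout (set file name in column 1, SHA256 hex digest in column 2) is an assumption.

```shell
#!/bin/sh
# Added example, not bsdinstall code. Assumes each MANIFEST line carries the
# set file name in column 1 and its SHA256 hex digest in column 2.

# Print the SHA256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_sets TRUSTED_MANIFEST DIST_DIR SET...
# TRUSTED_MANIFEST must come from the authenticated medium (for example
# /usr/freebsd-dist/MANIFEST), never from the directory the sets were
# fetched into. Returns 0 only if every named set is listed and matches.
verify_sets() {
    manifest=$1; distdir=$2; shift 2
    rc=0
    for dist in "$@"; do
        want=$(awk -v dist="$dist" '$1 == dist { print $2; exit }' "$manifest")
        if [ -z "$want" ]; then
            # Fail closed: a set with no trusted digest is not accepted.
            echo "$dist: not listed in $manifest" >&2; rc=1; continue
        fi
        if [ ! -f "$distdir/$dist" ]; then
            echo "$dist: missing from $distdir" >&2; rc=1; continue
        fi
        have=$(sha256_of "$distdir/$dist")
        if [ "$have" = "$want" ]; then
            echo "$dist: OK"
        else
            echo "$dist: CHECKSUM MISMATCH" >&2; rc=1
        fi
    done
    return $rc
}
```

A call such as `verify_sets /usr/freebsd-dist/MANIFEST /path/to/fetched/sets base.txz kernel.txz` exits non-zero if any set is altered, absent, or unlisted; the second argument is a placeholder for wherever the sets were downloaded.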