From: Rene Rivera (grafik.list_at_[hidden])
Date: 2004-12-20 22:52:30


Stefan Seefeld wrote:
> Rene Rivera wrote:
>
>> OK, got that. But my point was that there is no such thing as passive
>> data when you distribute programs, or fragments thereof.
>
> When I download a tar.bz file there isn't *anything* anybody can do with
> that file. It's simply not executable. Setting the executable bit will
> just cause the system to throw up its hands with an error message.

But that has nothing to do with someone tampering with the source code
that is in the archive, which users compile and execute. If someone
inserts malicious code in the archive it will be at least as dangerous
as the executable you use to extract the archive, even if it is part of a
self-extracting archive.

> Providing the 'convenience' of self-executability is just a huge
> disservice to all potential recipients, at least when security is an issue.

And what I said is that if security is an issue no amount of fudging of
the "integrity" of the archives gets around the, *currently*, inherently
insecure process of producing and posting the archives.

> And, as far as tampering goes, what's wrong with checksums ?

If you don't secure the checksums themselves, they are equally
susceptible to tampering, i.e. the attacker can produce "correct"
checksums for the compromised archives.

> All you are
> interested in is to know that the file you downloaded is identical to
> the one your trusted peer packaged for you.

That requires that you provide cryptographically verifiable confirmation
that the content has not changed. Like a verified, tamper-proof crypto
signature procedure, which is easier said than done. You have to consider the
security of the originating device (computer+human+software), the
destination device, and all the devices in between (the SF servers,
routers, etc).

For more detail on what can and can't be done, read some of
Schneier's articles: http://www.schneier.com/ - For example, this essay:

http://www.schneier.com/essay-037.html
Why Cryptography Is Harder Than It Looks

-- 
-- Grafik - Don't Assume Anything
-- Redshift Software, Inc. - http://redshift-software.com
-- rrivera/acm.org - grafik/redshift-software.com - 102708583/icq

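A worked illustration of the two points argued above, added here and not part of the thread or of Boost's release tooling: a checksum file hosted next to the archive is only as trustworthy as the server, because whoever replaces the archive can recompute it, whereas a signature made with a key the server never held cannot be regenerated. The thread names no algorithm; SHA-256 for the checksum and ed25519 for the signature are my choice, picked because Go ships both in its standard library. The sample archive bytes are constructed, and the example assumes the downloader obtained the packager's public key through a channel the mirror cannot alter, which is exactly the "easier said than done" part.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a downloader receives from the mirror: the archive bytes,
// the checksum line published next to it, and a detached signature.
type Release struct {
	Archive  []byte
	Checksum string // hex SHA-256 of Archive, as a sums file would list it
	Sig      []byte // ed25519 signature over Archive (assumed algorithm)
}

// Package is the trusted packager's step: hash the archive and sign it
// with a private key that never leaves the packager's machine.
func Package(priv ed25519.PrivateKey, archive []byte) Release {
	sum := sha256.Sum256(archive)
	return Release{
		Archive:  archive,
		Checksum: hex.EncodeToString(sum[:]),
		Sig:      ed25519.Sign(priv, archive),
	}
}

// Tamper models an attacker who controls the download server. Because the
// checksum file sits on the same server, they simply recompute it for the
// replaced archive. They cannot recompute the signature without the key.
func Tamper(r Release, replacement []byte) Release {
	sum := sha256.Sum256(replacement)
	return Release{
		Archive:  replacement,
		Checksum: hex.EncodeToString(sum[:]),
		Sig:      r.Sig, // stale signature left in place
	}
}

// ChecksumOK is all a downloader who only runs sha256sum can check.
func ChecksumOK(r Release) bool {
	sum := sha256.Sum256(r.Archive)
	return hex.EncodeToString(sum[:]) == r.Checksum
}

// SignatureOK verifies the archive against a public key the downloader
// obtained out of band (assumption: the mirror cannot substitute it).
func SignatureOK(pub ed25519.PublicKey, r Release) bool {
	return ed25519.Verify(pub, r.Archive, r.Sig)
}

// Verdict records the outcome of both checks on the genuine and the
// tampered release.
type Verdict struct {
	GenuineChecksum, GenuineSignature   bool
	TamperedChecksum, TamperedSignature bool
}

// Scenario runs the whole exchange on constructed sample data.
func Scenario() (Verdict, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Verdict{}, err
	}
	genuine := Package(priv, []byte("archive contents (constructed sample)"))
	tampered := Tamper(genuine, []byte("archive with one altered source file (constructed sample)"))
	return Verdict{
		GenuineChecksum:   ChecksumOK(genuine),
		GenuineSignature:  SignatureOK(pub, genuine),
		TamperedChecksum:  ChecksumOK(tampered),
		TamperedSignature: SignatureOK(pub, tampered),
	}, nil
}

func main() {
	v, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine:  checksum=%v signature=%v\n", v.GenuineChecksum, v.GenuineSignature)
	fmt.Printf("tampered: checksum=%v signature=%v\n", v.TamperedChecksum, v.TamperedSignature)
}
```

Running it prints that the tampered release still passes the checksum comparison and fails only the signature check. Note what the signature does not cover: if the packager's own machine or build process is compromised before signing, the signature is valid over bad content, which is the "inherently insecure process of producing and posting the archives" point made above.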
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk