From: Alon Bar-Lev
Date: Fri, 26 Jan 2018 00:48:03 +0200
Subject: Re: [gentoo-dev] [News item review] Portage rsync tree verification (v2)
To: gentoo-dev@lists.gentoo.org

On 26 January 2018 at 00:21, Robin H. Johnson wrote:
> On Thu, Jan 25, 2018 at 11:55:58PM +0200, Alon Bar-Lev wrote:
>> I did not look into the detailed implementation, however, please
>> make sure integrity check handles the same cases we have applied to
>> emerge-webrsync in the past, including:
> Gemato is the implementation of GLEP74/MetaManifest, which DOES
> explicitly address both of these concerns.

Good!
Thanks.

>
>> 1. Fast forward only in time, this is required to avoid a hacker
>> redirecting into an older portage to install vulnerabilities that were
>> approved at that time.
> Replay attacks per #1 are addressed via TIMESTAMP field in MetaManifest.

Interesting, I tried again to understand how it is working without
performing rsync to a temporary directory, comparing the timestamp and
rejecting if unexpected. Are we doing multiple rsync for the metadata?
It has been long since I used this insecure rsync...

For me it seems like webrsync and/or squashfs are much easier/faster
to apply integrity into than rsync... :)

Regards,
Alon
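
The fast-forward-only rule discussed in this message, as an added example that is not part of the original e-mail and is not gemato's or emerge-webrsync's code: it reads the TIMESTAMP entry of a top-level Manifest and refuses a tree older than the last one accepted. It assumes the Manifest text has already passed OpenPGP signature verification and that TIMESTAMP uses the ISO 8601 UTC form `YYYY-MM-DDThh:mm:ssZ`; the function names, the `max_age` staleness bound and the sample Manifest are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: top-level Manifest text after signature verification.
SAMPLE_MANIFEST = """\
TIMESTAMP 2018-01-25T22:38:20Z
DATA header.txt 12 SHA512 constructed-placeholder-digest
"""

class RollbackError(Exception):
    """Offered tree is older than one this client already accepted."""

class StaleTreeError(Exception):
    """Offered tree is older than the configured maximum age."""

def parse_timestamp(manifest_text):
    """Return the single TIMESTAMP entry as an aware UTC datetime."""
    values = [line.split()[1:] for line in manifest_text.splitlines()
              if line.split()[:1] == ["TIMESTAMP"]]
    if len(values) != 1 or len(values[0]) != 1:
        raise ValueError("expected exactly one well-formed TIMESTAMP entry")
    parsed = datetime.strptime(values[0][0], "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)

def check_fast_forward(manifest_text, last_accepted, now, max_age=None):
    """Return the offered timestamp, or raise if it moves backwards in time.

    last_accepted: timestamp stored from the previous successful sync, or None.
    max_age: hypothetical staleness bound that also catches a frozen mirror.
    """
    offered = parse_timestamp(manifest_text)
    if last_accepted is not None and offered < last_accepted:
        raise RollbackError(f"offered {offered} is older than {last_accepted}")
    if max_age is not None and now - offered > max_age:
        raise StaleTreeError(f"offered tree is {now - offered} old")
    return offered  # caller stores this as the new last_accepted

if __name__ == "__main__":
    now = datetime(2018, 1, 26, 0, 0, tzinfo=timezone.utc)
    newer = datetime(2018, 1, 25, 23, 0, tzinfo=timezone.utc)
    print("first sync accepted:", check_fast_forward(SAMPLE_MANIFEST, None, now))
    try:
        check_fast_forward(SAMPLE_MANIFEST, newer, now)
    except RollbackError as exc:
        print("rejected:", exc)
```

The comparison is only meaningful when `last_accepted` is kept in local state that the sync source cannot overwrite, and when the check runs before the synced tree is used.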