On 31.01.2013 13:49, Andrey Borzenkov wrote:
> On Fri, 11 Jan 2013 21:54:22 +0100
> Vladimir 'φ-coder/phcoder' Serbinenko <phco...@gmail.com> writes:
>
>> Hello, all. I've just committed import of libgcrypt and implementation
>> of related code to check signatures. Short usage:
>> verify_detached FILE FILE.sig [pubkey.gpg]
>> trust KEY.gpg
>> distrust KEYID
>> check_signatures=[enforce|no]
>>
>> grub-mkimage -k KEY gcry_dsa verify [...]
>>
>> When check_signatures=enforce every time anything tries to open a file
>> its signature (file.sig) is looked for and the open fails if signature
>> is absent or invalid.
>
> There is no protection against file modification after signature was
> verified. Is it intentional (i.e. it is not considered as viable
> threat)?

That is indeed a problem.

> One possibility is to cache file in memory on first open,
> which ensures it cannot be modified externally.

Possible, but it works only on relatively small files. For bigger files we need to make a chunk hash list. I'll add the easy part now and if ever needed we can add the more difficult part as well.

>
>> Some limitations:
>> 1) DSA keys only. RSA is more tricky since it needs padding and RSA
>> should be progressively phased out, not put into new places due to some
>> vulnerabilities (large classes of semiprimes are factorisable up to the
>> point when a lot of care has to be taken to avoid them).
>> 2) Not efficient. Checking every file is slow. Some hashlists should be
>> implemented.
>> 3) Not efficient. File is read twice though it's avoidable in many cases.
>
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
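The three approaches discussed in this exchange, as an added illustration that is not GRUB code and not part of the thread: a verify-then-reread open that leaves a window between the signature check and the later reads, the in-memory cache that closes the window for small files, and a per-chunk hash list that verifies each chunk at the moment it is read. The DSA signature check itself is modelled by the caller already holding a trusted whole-file digest or a trusted chunk manifest (the thing the `.sig` would authenticate); `Storage`, `tamper()` and the 64-byte chunk size are constructed for the example.

```python
"""Constructed example: how a modification of the underlying storage after
the signature check affects three ways of opening a signed file.  Not GRUB
code.  The signature step is modelled by the caller already holding a
trusted digest / chunk manifest, which in GRUB would come from the
verified FILE.sig."""
import hashlib

CHUNK_SIZE = 64  # small so the constructed file spans several chunks


class VerificationError(Exception):
    pass


class Storage:
    """Constructed stand-in for an on-disk file that can change underneath us."""

    def __init__(self, data):
        self._buf = bytearray(data)

    def size(self):
        return len(self._buf)

    def read(self, offset, length):
        return bytes(self._buf[offset:offset + length])

    def tamper(self, offset, payload):
        """Simulate an external write that lands after the loader checked the file."""
        self._buf[offset:offset + len(payload)] = payload


def sha256(data):
    return hashlib.sha256(data).digest()


def open_verify_then_reread(storage, trusted_digest):
    """Check the whole file once, then return a reader that goes back to storage.
    Check and use are separate operations, so later reads trust the disk as-is."""
    if sha256(storage.read(0, storage.size())) != trusted_digest:
        raise VerificationError("signature mismatch on open")
    return storage.read


def open_cached(storage, trusted_digest):
    """Read once into memory, verify that copy, and serve every read from it."""
    data = storage.read(0, storage.size())
    if sha256(data) != trusted_digest:
        raise VerificationError("signature mismatch on open")
    return lambda offset, length: data[offset:offset + length]


def build_chunk_manifest(data, chunk_size=CHUNK_SIZE):
    """Per-chunk hash list plus total size: the object that would be signed
    instead of (or alongside) the whole-file signature."""
    hashes = [sha256(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]
    return {"size": len(data), "chunk_size": chunk_size, "hashes": hashes}


def open_chunked(storage, manifest):
    """Verify each chunk against the trusted list when it is read, so a change
    made after open is rejected by the read that touches it."""
    if storage.size() != manifest["size"]:
        raise VerificationError("file size differs from signed manifest")

    def read_chunk(index):
        if not 0 <= index < len(manifest["hashes"]):
            raise VerificationError("chunk index outside signed manifest")
        offset = index * manifest["chunk_size"]
        length = min(manifest["chunk_size"], manifest["size"] - offset)
        data = storage.read(offset, length)
        if len(data) != length or sha256(data) != manifest["hashes"][index]:
            raise VerificationError(f"chunk {index} does not match signed hash")
        return data

    return read_chunk


def demo():
    """Run all three strategies against the same post-open modification."""
    original = bytes(range(256)) * 2          # 512 bytes -> 8 chunks of 64
    digest = sha256(original)
    manifest = build_chunk_manifest(original)
    target = 3 * CHUNK_SIZE                   # offset inside chunk 3
    payload = b"X" * 8
    results = {}

    s = Storage(original)                     # 1. verify, then re-read from disk
    read = open_verify_then_reread(s, digest)
    s.tamper(target, payload)
    results["reread_sees_tampered"] = read(target, 8) == payload

    s = Storage(original)                     # 2. verify an in-memory copy
    read = open_cached(s, digest)
    s.tamper(target, payload)
    results["cached_sees_original"] = read(target, 8) == original[target:target + 8]

    s = Storage(original)                     # 3. verify per chunk on read
    read_chunk = open_chunked(s, manifest)
    s.tamper(target, payload)
    results["chunked_clean_chunk_ok"] = read_chunk(0) == original[:CHUNK_SIZE]
    try:
        read_chunk(3)
        results["chunked_detects_tamper"] = False
    except VerificationError:
        results["chunked_detects_tamper"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The cached variant costs one copy of the file in memory, which is why it suits small files only; the chunk manifest costs one hash per chunk read but never holds more than one chunk, and because the manifest also records the total size, a file that grows or shrinks after signing is rejected at open rather than read past the signed region.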