In message <CAG6CVpV124ze+Y6xX2ZFqbM+3hJNEJWR2qpnChpey=pmiw6...@mail.gmail.com>, Conrad Meyer writes:
> On Tue, Jun 19, 2018 at 6:08 PM, Stephen J. Kiernan <ste...@freebsd.org> wrote:
> > Author: stevek
> > Date: Wed Jun 20 01:08:54 2018
> > New Revision: 335402
> > URL: https://svnweb.freebsd.org/changeset/base/335402
> >
> > Log:
> > This application (veriexecctl) handles reading a fingerprints file
>
> Hi,
>
> This patchset needed design and code review prior to commit. It
> appears to have serious problems.
>
> First and foremost: nothing is actually signed, anywhere. The
> veriexecctl tool parses and tells the kernel to trust a file input.
> But if we don't trust other files on the filesystem, why do we trust
> that one? There is no embedded signature mechanism proving the hash
> list file is trustworthy.
>
> As a corollary to the above, the name "signature file" is used
> repeatedly in the code, which is misleading. The file contains hashes
> (digests), not signatures (MACs). The file itself is unsigned.
> Nothing about this has signatures.
>
> There's absolutely no reason to use sha1 or ripemd in new designs.
> These should be removed.
>
> The patchset is littered with style issues. One fairly obvious issue
> is mixed indentation styles — some files vary between space and tab
> indentation from line to line.
>
> Please revert this patchset. It's not ready.
>
> Some suggestions for a second attempt:
>
> - Maybe use HMACs instead of raw hashes
> - Maybe sign the source-of-trust file
> - Fix the style issues
> - Fix the compiler warnings at 6 - i386 format issues, build failures in multiple places
--
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX: <c...@freebsd.org> Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.

svn-src-head@freebsd.org mailing list
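The core objection in the quoted review is that a list of file digests is only as trustworthy as the list itself, so the list needs its own authentication before any entry in it is honoured. The following is an added illustration of that point, not code from the veriexec commit or from FreeBSD: a hypothetical fingerprints file in a "path algorithm digest" layout carries an HMAC-SHA256 trailer (Conrad's first suggestion), the loader refuses an unauthenticated or altered list, and it rejects sha1/ripemd entries. The trailer format, the sample paths and digests, and the key are all constructed for the example; with HMAC the verifier must hold the same secret as the signer, whereas a public-key signature over the file would let the verifier hold only a public key.

```python
import hashlib
import hmac

# Constructed sample manifest: "path algorithm digest" per line.
# The digests are arbitrary placeholders, not real file hashes.
MANIFEST_BODY = (
    "/bin/ls sha256 " + "a" * 64 + "\n"
    "/sbin/init sha256 " + "b" * 64 + "\n"
)
ALLOWED_ALGOS = {"sha256", "sha512"}  # sha1 and ripemd are deliberately not accepted
TRAILER = "# hmac-sha256 "             # hypothetical trailer line marking the MAC
KEY = b"constructed-demo-key"          # provisioned out of band, never beside the list

def sign_manifest(body: str, key: bytes) -> str:
    """Append an HMAC-SHA256 trailer computed over the entry lines."""
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + TRAILER + tag + "\n"

def load_manifest(signed: str, key: bytes) -> dict:
    """Return {path: (algo, digest)} only if the trailer verifies; raise otherwise."""
    lines = signed.splitlines()
    if not lines or not lines[-1].startswith(TRAILER):
        raise ValueError("manifest is unauthenticated: no MAC trailer")
    body = "".join(line + "\n" for line in lines[:-1])
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    got = lines[-1][len(TRAILER):].strip()
    if not hmac.compare_digest(expected, got):  # constant-time comparison
        raise ValueError("manifest MAC mismatch: list altered or wrong key")
    entries = {}
    for line in lines[:-1]:
        path, algo, digest = line.split()
        if algo not in ALLOWED_ALGOS:
            raise ValueError(f"{path}: weak or unknown digest algorithm {algo}")
        entries[path] = (algo, digest)
    return entries

if __name__ == "__main__":
    signed = sign_manifest(MANIFEST_BODY, KEY)
    print(load_manifest(signed, KEY))
    # An attacker who can edit the list can swap in the digest of a trojaned binary;
    # without the MAC check that edit would be accepted as policy.
    tampered = signed.replace("a" * 64, "c" * 64, 1)
    try:
        load_manifest(tampered, KEY)
    except ValueError as err:
        print("rejected:", err)
```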