From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <pmoore@redhat.com>
Subject: Re: signed tarballs
Date: Thu, 13 Apr 2017 17:17:57 -0400
Message-ID: <CAGH-KgtJKi+Dzm1ff0f+zVaenoqTP0X7aiqsYwOrcu_iFPo-5Q@mail.gmail.com>
References: <20170406233134.GA32113@motoko> <3197080.UOV2hoHuAT@x2>
	<20170411104403.GB386@motoko> <1591540.lCI4k97X9x@x2>
	<20170413202811.GA18419@motoko>
	<CAFftDdovoD5zoRTtnDj39Jz0Wxej8a=+o_ftR-A4NN5AMu1yjQ@mail.gmail.com>
	<20170413205649.GA19785@motoko>
	<CAFftDdoCBmvSTEs6ktGs-3J=sNCEjWwKwj_5hnNAjyHrOLHtFg@mail.gmail.com>
	<CAHC9VhSyZG2CKZAX=ZYpiMbyDqbLQKhm+3-Vm1WJkL0CjRvhyA@mail.gmail.com>
	<CAFftDdo3tNqJW66Gi6vgeBSeW-pDtCsZsm0HaKqNqcW7R+QrFg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
	[10.5.110.29])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id F199C60A99
	for <linux-audit@redhat.com>; Thu, 13 Apr 2017 21:17:58 +0000 (UTC)
Received: from mail-oi0-f70.google.com (mail-oi0-f70.google.com
	[209.85.218.70])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id AB4D837E64
	for <linux-audit@redhat.com>; Thu, 13 Apr 2017 21:17:58 +0000 (UTC)
Received: by mail-oi0-f70.google.com with SMTP id n64so52873530oia.8
	for <linux-audit@redhat.com>; Thu, 13 Apr 2017 14:17:58 -0700 (PDT)
In-Reply-To: <CAFftDdo3tNqJW66Gi6vgeBSeW-pDtCsZsm0HaKqNqcW7R+QrFg@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: William Roberts <bill.c.roberts@gmail.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thu, Apr 13, 2017 at 5:08 PM, William Roberts
<bill.c.roberts@gmail.com> wrote:
> On Apr 13, 2017 14:05, "Paul Moore" <paul@paul-moore.com> wrote:
>> Unless Steve has exclusive administrative access to people.redhat.com
>> (I think it is safe to say he does not, but correct me if I'm wrong
>> Steve <b>) you can't trust an unsigned checksum regardless of how
>> strong the https cert/crypto as the web admin could still tamper with
>> the data.
>
> Sure possible, but not super plausible. You're putting some trust in the
> administration of that website to begin with.

Come one man, you're smarter than this :)

I only called out the malicious admin case, but there are other cases
where someone with malicious intent could tamper with the checksum.
Some quick examples: hacked webserver, MITM https proxy, etc.

-- 
paul moore
security @ redhat