Re: CLiki and ALU Wiki sites massively spammed



Christophe Rhodes wrote:
> "Nathan Baum" <nathan_baum@xxxxxxxxxxxxxx> writes:
>
> > Christophe Rhodes wrote:
> >> Right, which is why asdf-install does not trust the wiki. Instead, it
> >> asks you to trust library authors.
> >
> > It asks you to trust _Wiki authors_, who may not be the library
> > authors.
>
> No, it doesn't.

It does, for the reason you accept: signatureless packages can be
trivially spoofed. It also requires you to trust Wiki authors not to make
packages unavailable, something which could be just as dangerous as
making a fake package if your current version has known exploits.

> >> With a wiki-like scheme, you have to trust
> >> * the individual library authors
> >> and no-one else.
> >
> > Assuming that the host they're using is safe from compromise, that your
> > DNS hasn't been hit by spoofing, and any of a number of other
> > scenarios.
>
> No. If my DNS has been hit by spoofing or the host they use is
> compromised, and I download a package that is signed by someone not in
> my trust ring (or not signed at all), then the system will have done
> its job: it will have alerted me to the fact that a package might not
> be what it seems. It is true that this relies on authors not being
> terribly stupid with their gpg private keys, and also on some minimal
> physical connection with the PGP Web of Trust, but it in no way relies
> on the integrity of any internet host.

You're right about the DNS spoofing, but not necessarily right about
the compromised host. Because of the way the Wiki system works, content
is not (necessarily) hosted by a third party. If I host a package on my
personal host and make it available via CLiki, and then my host is
compromised, then it is possible that the attacker could sign a
corrupted package with my key.

> Christophe
