On Mon, Nov 13, 2017 at 12:21:31PM -0500, Peter Todd wrote:
>> Not to argue anything in particular, but sometimes I do have moments
>> where I
>> wonder if moving our ultimate trust to developer workstations (where the
>> signature is generated) was such a great idea. I can assure you that
>>
kernel.org infrastructure is, in the majority of cases, vastly better
>> protected than developer workstations -- together with the signing keys that
>> live on them and into which we put the ultimate trust.
>
>The thing is developer workstations are *already* trusted, because if those
>workstations are compromised they can compromise the code itself, which in
>practice is quite difficult to effectively audit. So why add an additional
>trusted entity when you already have one?
I would argue the point you're making here. Compromising code that is
headed for git repositories is significantly more difficult than code
that is going into a tarball. A malicious commit going into a git
repository at least has the potential to be reviewed and analyzed (and
will almost certainly be noticed if it lands in the Linux kernel
repository). However, a 2-line change somewhere deep in the released
tarball will likely never be noticed without someone actually checking
for such sneaky changes.
If I were an attacker in control of a developer workstation, I would
target specifically tarballs -- I would make use of the race condition
between when "git archive" completes and when the gpg sign command is
invoked to substitute the generated tarball for a malicious one.
>That said, with deterministic builds you can get the best of both worlds: build
>on both
kernel.org infrastructure and dev workstations and only release if the
>builds match 100%
It's not quite what we do, but the process of releasing a kernel does
not rely on us accepting tarballs from Linus or Greg. Instead, we take
the git tree reference, the tarball prefix, and the gpg signature -- and
then generate the tarball on our end. If the signature we received
successfully verifies the tarball we generated on our end, that means
that our git tree is identical to Linus's (or Greg's) tree, and
therefore we can trust our generated tarball.
This was written as a convenience, not as a security check (Linus
oftentimes goes diving to remote parts of the world and does not want to
spend most of his day uploading 600-megabyte tarballs over bad
connections). However, it also acts as a useful double-check to verify
both that git repositories on our end do not differ from the ones on
Linus's workstation, and to make sure "use a race condition to sneak in
a trojaned tarball" attack cannot succeed.
It is my intent to deprecate the ability to upload tarballs entirely and
force everyone to use the same process Linus and Greg use to generate
tarballs on our end and then use the provided signature to verify it.
(If you're interested in how the kernel release process works, you can
see my talk from last year:
https://www.youtube.com/watch?v=9ZIu3a3gocM)
-K