From: Larry McVoy <lm@bitmover.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Larry McVoy <lm@bitmover.com>,
"Richard B. Tilley (Brad)" <rtilley@vt.edu>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: Verifying Kernel source
Date: Wed, 27 Nov 2002 18:30:09 -0800 [thread overview]
Message-ID: <20021127183009.G9443@work.bitmover.com> (raw)
In-Reply-To: <Pine.GSO.4.21.0211272326350.5044-100000@vervain.sonytel.be>; from geert@linux-m68k.org on Wed, Nov 27, 2002 at 11:29:27PM +0100
On Wed, Nov 27, 2002 at 11:29:27PM +0100, Geert Uytterhoeven wrote:
> On Wed, 27 Nov 2002, Larry McVoy wrote:
> > > What is the proper way to verify the kernel source before compiling?
> > > There have been too many trojans of late in open source and free
> > > software and I, for one, am getting paranoid.
> >
> > If it's in BK you can be pretty sure that it is what was checked in,
> > BK checksums every diff in every file. It's not at all impossible
> > to fool the checksum but it is very unlikely that you can cause
> > semantic differences in the form of a trojan horse and still fool
> > the checksums.
>
> It depends on the checksum algorithm. If it's not `strong' (e.g. simple crc32),
> I can easily add some specially tailored unused data to the code of which the
> sole purpose is to make the checksum still match.
Oh, sure, you could, but you'd have to go edit the SCCS files by hand,
which is certainly doable, but it raises the bar past most of the
script kiddies who do this sort of thing.
Ted T'so and I have discussed the idea of adding strong signatures to BK
several times. It would be easy to do and it would completely defeat any
attempt to stick a trojan into an existing changeset. So we could and will
if it ever becomes a real problem.
On the other hand, bkbits.net is updated by Linus directly and we've never
had a breakin there (knock on wood) so you are relatively safe if you are
tracking the tree from there. Now that I've said that some slashdot
kiddie with more balls than brains will happily beat their brains out
to break in, but we'll fix it if it happens.
The bottom line is that, so far, the BK tree is safe. I'll personally
commit to providing strong crypto based signatures for changesets within
1 week of the date when someone sticks a trojan in a BK tree. It's not
that hard, but it's also a problem that doesn't exist (yet). And we have
lots of things to do, just ask any BK user...
--
---
Larry McVoy lm at bitmover.com http://www.bitmover.com/lm
next prev parent reply other threads:[~2002-11-28 2:22 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-27 14:54 Verifying Kernel source Richard B. Tilley (Brad)
2002-11-27 16:46 ` Jason Cook
2002-11-27 17:28 ` Larry McVoy
2002-11-27 22:29 ` Geert Uytterhoeven
2002-11-28 2:30 ` Larry McVoy [this message]
2002-11-28 9:54 ` Helge Hafting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021127183009.G9443@work.bitmover.com \
--to=lm@bitmover.com \
--cc=geert@linux-m68k.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rtilley@vt.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.