[Rpm-maint] [rpm-software-management/rpm] Ensure unique tags for in signature header (#1570)
Demi Marie Obenour
notifications at github.com
Sun Mar 7 04:07:08 UTC 2021
Can we move the IMA and fsverity signatures and the sizes into the main header? One rather annoying problem with the current format is that this data is not itself signed, so (on a system where IMA and fsverity are turned off) an attacker can stuff just about anything in those fields without invalidating the signature.
I have had ideas for an enhanced signature that uses a notation subpacket to store a hash of this data, but moving them into the main header would be much simpler.
https://github.com/rpm-software-management/rpm/issues/1570#issuecomment-792198000
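An added example, not part of the original message or of rpm's own code: a small audit helper that reads the index of a package's signature header and reports which of the fields named in the message (sizes, IMA file signatures, fsverity signatures) are present there and therefore not covered by any signature. The tag numbers are taken from rpm's `rpmtag.h`; the function names and the sample bytes are constructed for illustration.

```python
import struct

LEAD_SIZE = 96                      # fixed-size lead before the signature header
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # header magic plus version byte

# Signature-header tags for the fields the message names (numbers as in rpm's
# rpmtag.h). Nothing signs the signature header itself.
UNSIGNED_DATA_TAGS = {
    1000: "SIZE", 1007: "PAYLOADSIZE", 270: "LONGSIZE", 271: "LONGARCHIVESIZE",
    274: "FILESIGNATURES", 275: "FILESIGNATURELENGTH",
    276: "VERITYSIGNATURES", 277: "VERITYSIGNATUREALGO",
}

def signature_header_tags(pkg: bytes) -> list:
    """Return the tag numbers found in the signature header's index."""
    intro = pkg[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:4] != HEADER_MAGIC:
        raise ValueError("no signature header after the lead")
    nindex, hsize = struct.unpack(">II", intro[8:16])
    start = LEAD_SIZE + 16
    if len(pkg) < start + 16 * nindex + hsize:
        raise ValueError("truncated signature header")
    # Each index entry is four big-endian 32-bit words: tag, type, offset, count.
    return [struct.unpack_from(">I", pkg, start + 16 * i)[0] for i in range(nindex)]

def unsigned_fields(pkg: bytes) -> list:
    """Names of present fields whose values no signature covers."""
    return [UNSIGNED_DATA_TAGS[t] for t in signature_header_tags(pkg)
            if t in UNSIGNED_DATA_TAGS]

def build_sample() -> bytes:
    """Constructed input: zeroed lead plus a three-entry signature header."""
    store = struct.pack(">I", 1234) + b"0" * 40 + b"\0" + b"AAAA\0"
    entries = [(1000, 4, 0, 1),    # SIZE, INT32
               (269, 6, 4, 1),     # SHA1 header digest, STRING
               (276, 8, 45, 1)]    # VERITYSIGNATURES, STRING_ARRAY
    index = b"".join(struct.pack(">IIiI", *e) for e in entries)
    intro = HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(store))
    return b"\0" * LEAD_SIZE + intro + index + store

if __name__ == "__main__":
    print(unsigned_fields(build_sample()))
```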