From: "David A. Wheeler"
Reply-To: dwheeler@dwheeler.com
To: "cygwin"
Subject: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
Date: Tue, 31 Mar 2015 19:29:00 -0000
X-SW-Source: 2015-03/txt/msg00558.txt.bz2

Signed-off-by: David A. Wheeler
---
winsup/doc/faq-setup.xml | 129 +++++++++++++++++++++++++++++++++++++++++++= +++- 1 file changed, 128 insertions(+), 1 deletion(-)

diff --git a/winsup/doc/faq-setup.xml b/winsup/doc/faq-setup.xml
index 614d4a9..3764214 100644
--- a/winsup/doc/faq-setup.xml
+++ b/winsup/doc/faq-setup.xml
@@ -156,6 +156,128 @@ and that installing the older version will not help i= mprove Cygwin. =20 + +How does Cygwin counter man-in-the-middle (MITM) attacks d= uring installation and upgrade? + + + +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays = and +possibly alters the communication between two parties +who believe they are directly communicating with each other. +Here is how Cygwin counters man-in-the-middle (MITM) attacks +during installation and update (including enough details so +technical people can confirm it): + + + +The Cygwin website provides the setup program +(setup-x86.exe or setup-x86_64.exe) +using HTTPS (SSL/TLS). +This authenticates that the setup program +came from the Cygwin website +(users simply use their web browsers to download the setup program). +You can use tools like Qualsys' SSL Server Test, +, +to check the HTTPS configuration of Cygwin. +The cygwin.com site supports HTTP Strict Transport Security (HSTS), +which forces the browser to keep using HTTPS once the browser has seen +it before (this counters many downgrade attacks). + +The setup program has the +Cygwin public key embedded in it. +The Cygwin public key is protected from attacker subversion +during transmission by the previous step, and this public +key is then used to protect all later steps. +You can confirm that the key is in setup by looking at the setup project +() +source code file cyg-pubkey.h +(the key is automatically generated from file cygwin.pub). + +The setup program downloads +the package list setup.ini from a mirror +and checks its digital signature. +The package list is in the file +setup.bz2 (compressed) or +setup.ini (uncompressed) on the selected mirror. +The package list includes for every official Cygwin package +the package name, cryptographic hash, and length (in bytes). 
+The setup program also gets the relevant .sig +(signature) file for that package list, and checks that the package list +is properly signed with the Cygwin public key embedded in the setup progra= m. +A mirror could corrupt the package list and/or signature, but this +would be detected by setup program's signature detection +(unless you use the -X option to disable signature chec= king). +The setup program also checks the package list +timestamp/version and reports to the user if the file +goes backwards in time; that process detects downgrade attacks +(e.g., where an attacker subverts a mirror to send a signed package list +that is older than the currently-downloaded version). + +The packages to be installed +(which may be updates) are downloaded and both their +lengths and cryptographic hashes +(from the signed setup.{bz2,ini} file) are checked. +Non-matching packages are rejected, countering any attacker's +attempt to subvert the files on a mirror. + + + + +Up through 2015 Cygwin used the MD5 algorithm for cryptographic hashes. +Cygwin used both MD5 and length checks, which makes some attacks harder +than if Cygwin used only MD5, +but MD5 is no longer considered a secure cryptographic hash algorithm. +The 2015-02-06 update of the setup program +added support for the SHA-512 cryptographic hash algorithm for +sigining the setup.ini package list, as described in +. +The announcement also noted that there will be a switch to SHA-512 +checksums in the setup.ini files. +There are no known practical exploits of SHA-512 (SHA-512 is part of the +widely-used SHA-2 suite of cryptographic hashes). + + + + +What else can I do to ensure that my installation and upda= tes are secure? + + + +To best secure your installation and update process, download +the setup program setup-x86.exe (32-bit) or +setup-x86_64.exe (64-bit), and then +check its signature (using a signature-checking tool you trust) +using the Cygwin public key +(). 
+This was noted on the front page for installing and updating. + + +If you use the actual Cygwin public key, and have an existing secure +signature-checking process, you will counter many other +attacks such as subversion of the Cygwin website and +malicious certificates issued by untrustworthy certificate authorities (CA= s). +One challenge, of course, is ensuring that +you have the actual Cygwin public key. +You can increase confidence in the Cygwin public key by checking older cop= ies +of the Cygwin public key (to see if it's been the same over time). +Another challenge is having a secure signature-checking process. +You can use GnuPG to check signatures; if you have a trusted Cygwin +installation you can install GnuPG. +Otherwise, to check the signature you must use an existing trusted tool or +install a signature-checking tool you can trust. + + +Not everyone will go through this additional effort, +but we make it possible for those who want that extra confidence. +We also provide automatic mechanisms +(such as our use of HTTPS) for those with limited time and +do not want to perform the signature checking on the setup program itself. +Once the correct setup program is running, it will counter other attacks +as described in +. + + + Is Cygwin Setup, or one of the packages, infected with a v= irus? @@ -197,8 +319,13 @@ disk if you are paranoid. =20 This should be safe, but only if Cygwin Setup is not substituted by -something malicious, and no mirror has been compromised. +something malicious. +See also + +for a description of how the +Cygwin project counters man-in-the-middle (MITM) attacks. + See also for a list of applications that have been known, at one time or another, to interfere with the normal functioning of Cygwin. --=20 2.1.4 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
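Review bot: The SHA-512 paragraph in the first hunk (the @@ -156 region) conflates two different hashes and should say which is which: the GnuPG signature over the setup.ini package list, which is what "support for the SHA-512 cryptographic hash algorithm for sigining the setup.ini package list" appears to describe, and the per-package checksums carried inside setup.ini, which the following sentence says "will" switch to SHA-512. As written a reader cannot tell whether a package downloaded today is still verified only by MD5 plus length, so state the current state of each explicitly, and fix "sigining" to "signing". Three smaller points in the same hunk: "Qualsys" should be "Qualys"; "detected by setup program's signature detection" reads better as "detected by the setup program's signature verification"; and the downgrade paragraph says setup "reports to the user if the file goes backwards in time", so say whether setup refuses to continue or only warns, since a warning the user can click through does not by itself counter a downgrade. The "What else can I do" entry would also be more useful with the concrete command, for example importing cygwin.pub and running gpg --verify on the setup executable, assuming a detached .sig is published next to the binary; otherwise readers are told to "check its signature" without being told where the signature lives.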
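Review bot: Dropping "and no mirror has been compromised" from the safety caveat in the second hunk (the @@ -197 region) is only justified while signature checking is active; the first hunk itself notes that the -X option disables it, and in that case a compromised mirror is back in the threat model. Suggest keeping a qualifier, for example "something malicious and signature checking has not been disabled with -X", or wording the new cross-reference so it says the MITM entry explains under which conditions a corrupted mirror is detected rather than implying mirrors no longer matter.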