From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 1856438555A3; Thu, 17 Aug 2023 15:39:26 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1856438555A3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1692286767; bh=beKa/kW1Dpbo5QnrLVlLHn1AMnNqaH2TiY3gyVyy8k4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=kN6GNFE0DhvbSivcpBR4T0ejL6h4WnjjELWiTwEBVXwVyQVAaDgyJBCAQQx4VDV3H cGue+K9ja2dmBbhHS5lxjw8uZ6KmAP8dzhLsfY833IgGjlDhHpjD3Y65OdYLGh7alE C7uUIoP1dtDQTJ0Y1EHg4UJ+p4JxNVltnpTrkCMU= From: "mark at klomp dot org" To: elfutils-devel@sourceware.org Subject: [Bug debuginfod/28204] extend webapi / verification with forthcoming signed-contents archives Date: Thu, 17 Aug 2023 15:39:25 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: elfutils X-Bugzilla-Component: debuginfod X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mark at klomp dot org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: rgoldber at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://sourceware.org/bugzilla/show_bug.cgi?id=3D28204 --- Comment #20 from Mark Wielaard --- (In reply to Frank Ch. Eigler from comment #18) > > Doesn't that give a false sense of "security"? > > It still rejects some stuff, but doesn't really protect against "falsif= ying" > > files, all a server has to do is not provide an IMA=20 >=20 > Yes, but trusted servers won't just do that. But isn't the idea of checking the IMA signatures that you don't have to tr= ust the server providing the debuginfo files as the distro intended them? > > If it is just to see what would happen if enabling ima file checking, t= hen > > it probably shouldn't reject anything. In that case it should warn for = both > > missing and invalid signatures, but still accept them. >=20 > The difference between missing and invalid is that the latter is KNOWN ba= d. > An invalid signature is evidence that the file has a problem. And a missing signature is UNKNOWN bad? So both are bad in some way. Which imho means that if we support some kind = of permissive mode, then it should explicitly warn for both kind of baddness. --=20 You are receiving this mail because: You are on the CC list for the bug.=