From: "fche at redhat dot com"
To: elfutils-devel@sourceware.org
Subject: [Bug debuginfod/30978] debuginfod-client security: optionally(?) verify downloaded binaries
Date: Wed, 18 Oct 2023 20:01:35 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30978

--- Comment #4 from Frank Ch. Eigler ---

Note that the main problem with this sort of scheme is not the checksum (whether CRC or a hash). That part can help provide some assurance against accidental corruption. (Plus you'd need external checksums for source files, which can't get additional ELF doohickeys inserted.)
But you'd need crypto signatures on those hashes in order to protect against deliberate corruption anywhere between the original build system and your client. That in turn requires distribution of crypto keys. It goes well beyond the objcopy stuff.

I'm not sure whether the Debian ecosystem has started thinking about this stuff, but when/if they do, debuginfod should be adaptable to pass on whatever assurances are possible.
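The distinction drawn in the comment above, as an added Go example that is not part of the original message and not elfutils or debuginfod code: a digest shipped with a file is recomputed by whoever replaces the file, while a signature over that digest is not. `Artifact`, `NewKeyPair`, `Publish`, `Replace`, `ChecksumOK` and `SignatureOK` are hypothetical names, SHA-256 and Ed25519 are illustrative choices, and the sample bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Artifact is a hypothetical model of a downloaded file and its metadata.
type Artifact struct {
	Data   []byte
	Digest [32]byte // SHA-256 of Data, travels alongside the file
	Sig    []byte   // Ed25519 signature over Digest, made by the build system
}

// NewKeyPair generates a signing key pair (nil selects crypto/rand).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish hashes the data and signs the digest: the build-system side.
func Publish(priv ed25519.PrivateKey, data []byte) Artifact {
	d := sha256.Sum256(data)
	return Artifact{Data: data, Digest: d, Sig: ed25519.Sign(priv, d[:])}
}

// Replace models deliberate corruption: new data, digest recomputed, old Sig kept.
func Replace(a Artifact, data []byte) Artifact {
	a.Data, a.Digest = data, sha256.Sum256(data)
	return a
}

// ChecksumOK is the integrity-only check: does Data match the shipped digest?
func ChecksumOK(a Artifact) bool { return sha256.Sum256(a.Data) == a.Digest }

// SignatureOK recomputes the digest locally and verifies it under pub.
func SignatureOK(pub ed25519.PublicKey, a Artifact) bool {
	d := sha256.Sum256(a.Data)
	return ed25519.Verify(pub, d[:], a.Sig)
}

func main() {
	pub, priv := NewKeyPair()
	bad := Replace(Publish(priv, []byte("constructed debuginfo")), []byte("substituted"))
	fmt.Println("checksum:", ChecksumOK(bad), "signature:", SignatureOK(pub, bad))
}
```

`SignatureOK` is only as trustworthy as the channel that delivered `pub`: an artifact re-signed with a different key verifies under that key, which is the key-distribution requirement the comment raises.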