Idea #1491: Digitally signed binaries
Written by Eldmannen on 29 Feb 08 at 15:18.
Category: System.
Related to: Nothing/Others.
Status: New
Description
Preferably make all the binaries in the system be digitally signed.
Or at least digitally sign some of the most important system binaries.
Canonical Ltd. can sign the Ubuntu system binaries.
This gives enhanced security because it verifies the application identity and ensures its integrity.
Microsoft and Apple digitally sign their binaries.
http://www.apple.com/macosx/features/300.html#security
Comments
changlinn wrote on the 29 Feb 08 at 15:28
Umm, the repositories are GPG encrypted, and the packages usually MD5 summed. The digital signing is a revenue stream for MS, plain and simple; they charge 3rd-party devs money for it. Not something I would want in a free and open world.
Eldmannen wrote on the 29 Feb 08 at 15:31
Good that they are MD5 summed, but MD5 is broken.
SHA1 is more secure, but is also broken.
Also even if I get the right packages from the repositories, they can be modified later when they are on my system by some malware on my system.
Especially important perhaps for the kernel.
Eldmannen wrote on the 29 Feb 08 at 15:32
Yeah, I don't want people to get charged for it either.
But they could digitally sign their own system binaries.
changlinn wrote on the 29 Feb 08 at 16:15
But you have to trust the GPG key of the repository, so it is better than just a digital signature that can be easily faked (phishers have already done this), so it is MD5+GPG. Not some also-broken 56-bit DES or whatever. Actually, hang on, can anyone find what signing they do provide for Windows updates... looks like it is time for someone to do some DNS spoofing.
Eldmannen wrote on the 1 Mar 08 at 13:08
Well, I guess it would provide some additional security.
The check at the repo is just a check when they get installed.
It does not verify identity after they have been installed, where they can be replaced.
xiota wrote on the 5 Mar 08 at 22:28
The repositories use both MD5 and SHA1, in addition to being signed with GPG. System files are fairly safe. If malware is a concern, you should be more worried about your home directory than the system.
If you need to check for corrupt files, you can use debsums (but it uses only MD5).
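The install-time chain that the comments above describe (a GPG-signed Release file listing hashes of the package indexes, which in turn list the hash of each .deb) can be walked by hand. What follows is an added example written for this page, not code from the page or from APT itself. It builds a tiny stand-in repository in memory, so the package bytes, the Packages index and the Release text are all constructed, and it assumes the Release file's GPG signature has already been checked (apt does that with gpgv); the hashes below are only worth trusting once that signature has been verified.

```python
"""Walk the APT hash chain by hand: Release -> Packages -> .deb.

Added example for this page; all repository contents are constructed.
The signature on Release is assumed to have been verified already
(apt uses gpgv for that step); this code covers only the hashes below it.
"""
import hashlib
import hmac

DEB_NAME = "pool/main/h/hello/hello_1.0_amd64.deb"   # constructed path
DEB_BYTES = b"!<arch>\nconstructed-sample-deb-not-a-real-package\n"
INDEX_NAME = "main/binary-amd64/Packages"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_repo():
    """Return (release_text, packages_text, files) whose hashes all agree."""
    packages_text = (
        "Package: hello\n"
        "Version: 1.0\n"
        f"Filename: {DEB_NAME}\n"
        f"Size: {len(DEB_BYTES)}\n"
        f"SHA256: {sha256_hex(DEB_BYTES)}\n"
        "\n"
    )
    index_bytes = packages_text.encode()
    release_text = (
        "Origin: Example\n"
        "Suite: example\n"
        "SHA256:\n"
        f" {sha256_hex(index_bytes)} {len(index_bytes)} {INDEX_NAME}\n"
    )
    return release_text, packages_text, {DEB_NAME: DEB_BYTES}


def parse_release_sha256(release_text: str) -> dict:
    """Map index path -> (sha256, size) from the 'SHA256:' block of a Release file."""
    entries, in_block = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_block = True
        elif in_block and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_block = False          # any other field ends the block
    return entries


def parse_packages(packages_text: str) -> dict:
    """Map Filename -> stanza fields from a Packages file (blank-line separated)."""
    stanzas, current = {}, {}
    for line in packages_text.splitlines() + [""]:
        if not line.strip():
            if current:
                stanzas[current["Filename"]] = current
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return stanzas


def verify_blob(expected_digest: str, expected_size: int, data: bytes) -> bool:
    """Both the advertised size and the SHA-256 must match."""
    return len(data) == expected_size and hmac.compare_digest(
        sha256_hex(data), expected_digest)


def verify_chain(release_text: str, packages_text: str, files: dict) -> dict:
    """Check Packages against Release, then each .deb against Packages.

    Returns {path: ok}. Stops after the index step if Packages does not match:
    hashes read from an unverified index prove nothing.
    """
    digest, size = parse_release_sha256(release_text)[INDEX_NAME]
    results = {INDEX_NAME: verify_blob(digest, size, packages_text.encode())}
    if not results[INDEX_NAME]:
        return results
    for path, stanza in parse_packages(packages_text).items():
        results[path] = verify_blob(
            stanza["SHA256"], int(stanza["Size"]), files.get(path, b""))
    return results


if __name__ == "__main__":
    release, packages, files = build_sample_repo()
    print(verify_chain(release, packages, files))                  # all True
    trojan = {DEB_NAME: DEB_BYTES + b"\x90"}                       # a modified .deb
    print(verify_chain(release, packages, trojan))                 # .deb False
    evil_index = packages.replace(sha256_hex(DEB_BYTES), sha256_hex(trojan[DEB_NAME]))
    print(verify_chain(release, evil_index, trojan))               # index False
```

The last case in the usage is the one that matters for this thread: an attacker who rewrites the hash in the Packages index to match a modified .deb is caught one level up, because the index itself no longer matches the signed Release file. A sum that is not anchored to a signature is just data the attacker can rewrite along with the file.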
pturing wrote on the 12 Mar 08 at 21:41
The packages themselves are already signed. If you want to be able to verify them later, you can use bsign or tripwire.
I'm skeptical about making this the default; it would add bloat, and to get any actual security from it, the user would have to keep their signing key on separate offline storage and boot a CD to perform the verification. Otherwise, an attacker could simply modify the verification program and/or generate a new key and re-sign all the binaries.
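debsums (mentioned by xiota) and bsign/tripwire (mentioned by pturing) address the other half of the problem: checking files after they have been installed. The script below is an added example written for this page, not debsums, bsign or tripwire code. It records permission bits, size and SHA-256 of every file under a directory, stores that as a baseline, and later reports what was modified, removed or added. The directory tree and file contents are constructed in a temporary directory. It shows only the mechanism; as pturing points out, the baseline and the checker must be kept where the attacker cannot reach them (read-only or offline media, ideally with the manifest signed by an offline key), because anything stored on the same host can simply be regenerated after the binaries have been replaced.

```python
"""Post-install file integrity check, debsums-style but with SHA-256.

Added example for this page, not debsums/bsign/tripwire code. The tree it
checks is constructed in a temporary directory; in real use the baseline
manifest and this script belong on read-only or offline media.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Record permission bits, size and SHA-256 of every regular file under root."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue                       # a real tool records link targets too
            st = os.lstat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {"mode": oct(st.st_mode & 0o7777),
                             "size": st.st_size,
                             "sha256": sha256_file(full)}
    return manifest


def verify_manifest(root: str, baseline: dict) -> dict:
    """Compare the tree under root with a stored baseline.

    Returns sorted lists of modified (content or permission bits changed),
    missing and added paths. A setuid bit flipped on an otherwise unchanged
    binary is reported as modified, which a content-only hash check would miss.
    """
    current = build_manifest(root)
    modified = [p for p in baseline if p in current and (
        current[p]["sha256"] != baseline[p]["sha256"]
        or current[p]["mode"] != baseline[p]["mode"])]
    missing = [p for p in baseline if p not in current]
    added = [p for p in current if p not in baseline]
    return {"modified": sorted(modified), "missing": sorted(missing), "added": sorted(added)}


def demo() -> dict:
    """Constructed scenario: take a baseline, then tamper with the tree."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in {"bin/ls": b"ELF stand-in: ls\n",
                          "bin/ps": b"ELF stand-in: ps\n",
                          "bin/cat": b"ELF stand-in: cat\n"}.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        # Round-trip through JSON, as the baseline would be when stored off-host.
        baseline = json.loads(json.dumps(build_manifest(root)))

        # Attacker activity: swap ls for a same-size trojan, set setuid on cat,
        # delete ps, drop a new file.
        with open(os.path.join(root, "bin/ls"), "wb") as f:
            f.write(b"ELF stand-in: LS\n")
        os.chmod(os.path.join(root, "bin/cat"), 0o4755)
        os.remove(os.path.join(root, "bin/ps"))
        with open(os.path.join(root, "bin/rootkit"), "wb") as f:
            f.write(b"new file\n")
        return verify_manifest(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The size check alone would not catch the ls replacement (the trojan is the same length), and a content hash alone would not catch the setuid bit on cat, which is why both are recorded. Running this from the compromised host with the baseline stored on the same disk gives the false assurance pturing describes; booting trusted media and reading the baseline from it is what makes the comparison meaningful.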
Auzy wrote on the 17 Mar 08 at 15:01
Umm, I didn't think MD5 was fully broken yet. I know they are finding collisions, but I don't think it's been fully cracked yet.
But I agree with the idea. Although skeptical as to its benefits, there are other mechanisms in place to support it.
allo wrote on the 18 Apr 08 at 20:10
Debian uses MD5, SHA1 and SHA256, IIRC, in their repos. Dunno, but I think Ubuntu does so, too.
hspaans wrote on the 13 Jul 08 at 15:27
I hope you mean `elfsign', like Solaris and Mac OS X are using.
Auzy wrote on the 14 Jul 08 at 02:03
Actually, I totally change my mind on this. +1
notyetroot wrote on the 10 Aug 08 at 17:56
Is the "Authentication" referred to in Synaptic GPG, digital signing or something else? Anyway, it might be a good idea for some important packages.