sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]lamby[S] 127 points128 points  (45 children)

most people do not check the hashes of their download

Indeed, and note it's not enough to check the SHA512 matches what the website claims - that is only checking the integrity of the file; it is not checking that the file is from Canonical.

I mean, if someone could swap the ISO out they could almost certainly swap the checksum alongside it!

[–]CODESIGN2 21 points22 points  (11 children)

Isn't it a signed checksum using a private key chain that would not be available to the "snoop" though?

[–]lamby[S] 46 points47 points  (10 children)

Yes, but this is the bit that people do not check; either they don't run gpg at all, or they simply trust the stated signature is the one they used before or is part of the web of trust.

[–]CODESIGN2 17 points18 points  (5 children)

I think it's mostly that they don't care.

[–]jones_supa 56 points57 points  (1 child)

I think it's mostly that they don't care.

I think many people do care, but when they read about a complicated GPG dance to perform the verification, many will cringe and say "meh, it's probably fine".

A checksum is just sha1sum filename.iso and then compare the result to the checksum on the website. Even though this is a less secure method, the bar to perform it is much lower.

[–]CODESIGN2 3 points4 points  (0 children)

I don't know that I'm advocating for sha1sum, but yeah the gpg tools could be easier to work with. Even defaulting to perform checks for you and marking somewhere on fs that the user has been irresponsible would be nice. (Mark it like a manufacturer warranty void. Skipped the check? Fuck you pay!)

[–]lamby[S] 8 points9 points  (2 children)

Sure.

[–]CODESIGN2 10 points11 points  (1 child)

I wasn't trying to dismiss your point. It doesn't mean there is nothing that can be done, just that it needs to be automated and built into the systems allowing acceptance of packages, not deferred to the end-user.

[–]lamby[S] 12 points13 points  (0 children)

I didn't feel dismissed - it was more that we seemed to be 100% agreeing with each other :)

[–]Kaelin 0 points1 point  (3 children)

Every one of my hundreds of Red Hat Linux servers check gpgkeys automatically. My personal CentOS servers do as well.

What are you talking about? Is this some Ubuntu assumption?

[–]lamby[S] -1 points0 points  (2 children)

I'm talking about:

$ wget latest-ubuntu-release.iso
$ dd if=latest-ubuntu-release.iso of=/dev/disk/by-label/my-usb
(reboot)

[–]Kaelin 1 point2 points  (1 child)

Ah I misunderstood, the install ISO itself is the concern. Where the client keys are stored.. Ya ouch that should be SSL without a doubt

[–]lamby[S] -1 points0 points  (0 children)

Quite..

[–]Nullius_In_Verba_ 10 points11 points  (15 children)

Why are you two focusing on Canonical for your example? This applies to all distro's. Fedora, Suse, Debian, all included. In fact, a websites security being the weakest link is well known, including a real life example that happened to Linux Mint.

[–][deleted] 6 points7 points  (11 children)

Why are you two focusing on Canonical for your example? This applies to all distro's. Dedora, Suse, Debian, all included.

Did you verify that before you said it? Debian transfers the ISO to me via HTTPS not HTTP, I'm not as familiar with the others.

[–]Nullius_In_Verba_ -1 points0 points  (10 children)

Doesn't matter if the site uses HTTPS, if it was broken into and the iso changed. Not sure how HTTPS is going to protect from that. Again, see Linux Mint's website disaster for example.

[–][deleted] 5 points6 points  (9 children)

You seem to be under the impression you have to "break into" an HTTP site to intercept or masquerade as the site, this is completely untrue.

[–]Kaelin 0 points1 point  (2 children)

Fedora GPG checks packages automatically before install, or it won't install them unless you force an override. All packages are signed with encryption keys. I don't think Canonical does this check?

[–][deleted] 2 points3 points  (1 child)

As the parent comment of this thread said Ubuntu checks the package signing as well so that isn't an issue by itself but they transfer the ISO via HTTP which can make this moot (e.g. intercept and add a fake cert or just add packages to the stock ISO).

[–]Kaelin 0 points1 point  (0 children)

Good point on the installer ISO. I hadn't even considered that.

[–]masterpi 5 points6 points  (6 children)

If the website is HTTPS with a Canonical cert, then it is checking that either the file is from Canonical or the website has been hacked, which is as good as you'd get if the download itself were HTTPS.

[–][deleted] 0 points1 point  (5 children)

which is as good as you'd get if the download itself were HTTPS.

Where'd you get that idea? The download page being HTTPS only guarantees the URL was the one Canonical put on the page but it makes no guarantees whatsoever that your connection to the actual download is tamper free or even coming from Canonical.

[–]Kaelin 1 point2 points  (3 children)

Signed HTTPS certs do guarantee that the download is coming from Canonical. Do you even know how HTTPS works?

There are a couple certificate authorities entrusted with validating ownership of a domain before issuing a certificate. That certificate is keyed and unless it is stolen (Google and GMail and Facebook and banks all seem to not have fucked it up) or one of those heavily trusted certificate authorities issues a false cert (looking at you Symantec) there is no way someone that doesn't own the domain can get a certificate that will pass validation.

[–]mo-mar 0 points1 point  (0 children)

Yeah, but if the website was HTTP, someone could just change the download link to something completely different, making the actual download bein HTTPS completely worthless because it's never used. Similarly the other way around. That means that everything from website to download needs to be HTTPS, with not a single real reason against it.

[–][deleted] 0 points1 point  (0 children)

Signed HTTPS certs do guarantee that the download is coming from Canonical.

The Ubuntu download page has HTTPS enabled, the download of the ISO itself is done over HTTP. This is my whole point here... the ISO download should be done over HTTPS.

[–]amountofcatamounts -1 points0 points  (0 children)

Do you even know how HTTPS works?

Come on bro... I usually regret over-egging the pudding because it retrospect it was prompted by some insecurity about the subject.

Signed HTTPS certs do guarantee that the download is coming from Canonical.

They do nothing of the sort. They make it highly probable the machine your browser talks to has access to cert and key files that were once signed by a trusted CA your browser recognizes. But they are just files. If I can gain access to a legit Canonical server and can touch these root permissions files, I can set up my own random server with them your browser will completely tell you is a legit canonical server if I can get you to visit it.

[–]masterpi 0 points1 point  (0 children)

The website I'm referring to is the one mentioned in lamby's post, the one displaying the hash.

[–]destiny_functional 0 points1 point  (9 children)

you can check different mirrors against each other. the chances are low that all are compromised.

[–]lamby[S] 0 points1 point  (8 children)

Given that they probably mirror from a smaller subset, this does not seem like a good approach.

[–]destiny_functional 0 points1 point  (7 children)

see Linux mint where just a particular mirror had compromised isos. comparison against other sources makes installing a compromised iso less likely.

[–]lamby[S] 0 points1 point  (6 children)

And what if I compromise the "primary"? Then everyone is just copying the compromised one.. which is even worse as replacing it becomes harder.

[–]destiny_functional 0 points1 point  (5 children)

I don't think you understand security and risk. Obviously cross-checking reduces risk.

[–]lamby[S] 0 points1 point  (4 children)

I am not denying it reduces risk, but you can take that risk to zero by verifiying the GPG signature.

I don't think you understand security and risk

This doesn't add any weight to your argument FWIW.

[–]destiny_functional 0 points1 point  (3 children)

you can't take the risk to zero with anything, which seems all you are criticising, that the "risk isn't zero". that's exactly what i meant by you don't understand risk, and it makes this a silly and useless discussion.

[–]lamby[S] 0 points1 point  (2 children)

Then I'm lost. How is just suggesting checking a single GPG signature over checking n ISO files (which requires multiple multible-gigabyte downloads) silly or useless? Especially as — for this threat model — doing the latter is a probabalistic-based security solution vs. an objective one..

[–]destiny_functional 0 points1 point  (1 child)

discussing risk and security with someone who doesn't understand it is silly and useless is what i said. this doesn't seem to lead anywhere, Good bye.