Thanks David, input is wonderful!

On Mon, Jul 08, 2002 at 12:56:29AM +0200, David Gümbel wrote:
> > example:
> > http://jlcooke.ca/go?2.4.18/CA | less
>
> Yes, I see :)
>
> But there are still some things that come to my mind as far as security is
> concerned:
>
> * Placing "KERNKEY=0x517D0F0E" inside the script downloaded from the web might
>   be a potential security risk as this could quite easily be transparently
>   replaced by a different key id I have in my keyring (or that is available
>   via the keyserver)[1]. I think this might be avoided by reading the key ID
>   from a local file that has to be created by the user first (?)

go-gnome.com does something like this, so I'm not without precedent. :)

I agree, an SSL (https vs http) URL fetch is preferred. This has sent me down
a few interesting paths (jl's little secret for now). Worst comes to worst,
I'll buy a Thawte cert for kerneli.org.

BTW, lynx and w3m both use libssl.so (openssl). And openssl will disallow a
connection to an invalid host/cert pair; I don't think either are using this
feature... too bad.

The issue with GPG... well, I have my own opinions about GPG which most people
will not like.

Can we assume if the SH script comes from a verified SSL tunnel, that the
contents can be trusted?

> * There is no check whether the key used for verification is trusted/has
>   been signed by the user.

If the user doesn't have the key yet, how can the user sign it for use? Are
you suggesting we prompt the user?

> * The script is being piped directly from the web to a root shell. This looks
>   dangerous to me, even with SSL in use, as long as the SSL certificate
>   doesn't undergo verification. I currently can't find any option for
>   lynx or w3m that does this, but it's very possible I'm just blind.

Read above, re: verification of the SSL tunnel.

> And there's one thing I stumbled across when reading the code - maybe you
> should start with a section like this:
>
> TRUEBIN=`which true`
> W3MBIN=`which w3m`
> LYNXBIN=`which lynx`
>
> etc., just as you did with the gpg binary.

Sounds good.

--
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6
C: 613.263.2983

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
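As an added illustration of the two points raised above (pinning the key ID in a local file rather than in the downloaded script, and checking that the key is actually trusted/signed by the user before anything is run as root), here is a POSIX sh snippet; it is not part of the thread or of the go script, and the file name ~/.kernelkey, the detached-signature layout and the sample status lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the go script): decide whether a
# downloaded script may be run, based on gpg's machine-readable status output.
# The signing key's fingerprint is pinned in a local, user-created file
# (~/.kernelkey, an assumed name) instead of inside the downloaded script.
GPGBIN=${GPGBIN:-gpg}
KEYFILE=${KEYFILE:-$HOME/.kernelkey}

# verify_status <pinned_fingerprint> <status_text>
# Succeeds only if the status text has a VALIDSIG whose signing-key fingerprint
# equals the pinned one AND a TRUST_FULLY or TRUST_ULTIMATE line. A good
# signature from an unknown key, or from a key the user never signed, is rejected.
verify_status() {
    pinned=$1
    status=$2
    fpr=$(printf '%s\n' "$status" | awk '/^\[GNUPG:\] VALIDSIG / { print $3; exit }')
    trust=$(printf '%s\n' "$status" | awk '/^\[GNUPG:\] TRUST_/ { print $2; exit }')
    [ -n "$fpr" ] && [ "$fpr" = "$pinned" ] || return 1
    case "$trust" in
        TRUST_FULLY|TRUST_ULTIMATE) return 0 ;;
        *) return 1 ;;
    esac
}

# run_if_verified <script> <detached_sig>
# Verifies an already-downloaded script against its detached signature and
# runs it only when verify_status accepts gpg's verdict.
run_if_verified() {
    script=$1
    sig=$2
    pinned=$(tr -d ' \n' < "$KEYFILE")
    # --status-fd 1 puts the [GNUPG:] lines on stdout; human text goes to stderr.
    # A bad signature makes gpg exit non-zero; the status text decides anyway.
    status=$("$GPGBIN" --status-fd 1 --verify "$sig" "$script" 2>/dev/null) || true
    if verify_status "$pinned" "$status"; then
        sh "$script"
    else
        echo "refusing to run $script: signature or key trust check failed" >&2
        return 1
    fi
}

# Constructed sample status lines for testing (not real output for a real key).
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567
OTHER_FPR=FEDCBA9876543210FEDCBA9876543210FEDCBA98
GOOD_STATUS="[GNUPG:] VALIDSIG $PINNED_FPR 2002-07-08 1026086400 0 4 0 17 2 00
[GNUPG:] TRUST_FULLY"
UNSIGNED_KEY_STATUS="[GNUPG:] VALIDSIG $PINNED_FPR 2002-07-08 1026086400 0 4 0 17 2 00
[GNUPG:] TRUST_UNDEFINED"
OTHER_KEY_STATUS="[GNUPG:] VALIDSIG $OTHER_FPR 2002-07-08 1026086400 0 4 0 17 2 00
[GNUPG:] TRUST_ULTIMATE"
```

The TRUST_UNDEFINED case is the one David describes: the signature is good, but the user has never signed the key, so the script must not run.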