Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#37215 - MD5 is insecure. Please disallow MD5 checksums from new PKGBUILD uploads.

Attached to Project: Arch Linux
Opened by Andrew Engelbrecht (sudoman) - Monday, 07 October 2013, 05:54 GMT
Last edited by Dave Reisner (falconindy) - Monday, 07 October 2013, 13:51 GMT
Task Type Feature Request
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

MD5 hashes are highly exploitable. Collisions can be created using off the shelf hardware in seconds.[1] Many AUR PKGBUILD files rely upon MD5 without using https:// to download files from upstream servers. Therefore a man in the middle attack can spoof the identity of a tarball, allowing for arbitrary code execution.

Since PKGBUILDs downloaded through https:// are effectively signed by the archlinux servers, any tarballs backed by sha256sums are as well. This offers robust defense against active man in the middle attacks. Although there are other significant attack vectors still open, having this standard removes a weak link in the chain of trust.

I believe ArchLinux users will benefit from AUR transitioning away from MD5 hashes. This could be achieved by disallowing md5sums in new uploads of PKGBUILDs. After that, stale PKGBUILDs using md5sums could be left alone, uploaders could be contacted, and/or makepkg could issue a warning.

admittedly,

sha256sums=('4ceca3a59b65630e849b89133f220def775009017ca2c3d689df27b7745040a9'
'a6293cbabb2b29e114fa6cb1784ccd46eaedb74b5cc3abc69734eb9ef0abc96a')

is quite long text, but it fits in a standard 24x80 character terminal.


TL;DR: Since MD5 is horribly insecure, let's disallow its use in future PKGBUILD uploads. Transitioning AUR away from MD5 will strengthen the chain of trust for tarballs downloaded over http://, thus preventing arbitrary code execution.


[1] https://en.wikipedia.org/wiki/MD5#Security
This task depends upon

Closed by  Dave Reisner (falconindy)
Monday, 07 October 2013, 13:51 GMT
Reason for closing:  Not a bug
Comment by Dave Reisner (falconindy) - Monday, 07 October 2013, 13:51 GMT
I'd agree with you, except that our checksums *rarely* come from upstream. This isn't meant to be a security mechanism. Look for GPG signatures if that's what you're after.

Loading...