Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Artifact checksums is not verified for headers, only payload

Description

To reproduce:

  1. Extract an update using regular tar xf update.mender.

  2. Open the manifest file and change any of the checksums for the headers, but not the payload (data).

  3. Try to apply the update with mender -rootfs.

Mender accepts the update even though it shouldn't. This is a serious issue because it allows an attacker to make arbitrary changes to state scripts of a signed update.

Acceptance criteria:

  • Mender should not accept wrong checksum on any headers.

  • This must be tested in acceptance tests

    • The test_signed_updates test might be a good place to add it. It already deals with corrupting checksums and trying to update using those.

  • Must update vendored dependency in all repositories that vendor mender-artifact, including the servers.

Affects versions

Environment

None

Checklist

Activity

Show:

Marcin Pasinski September 22, 2017 at 11:27 AM

Marcin Pasinski September 21, 2017 at 7:24 AM

Heh, that's nice. Thanks.

Kristian Amlie September 21, 2017 at 7:17 AM

I merged the mender and meta-mender PRs. However, I also submitted this. I know! I'm paranoid, it's an illness! But we're talking a security issue!

Kristian Amlie September 13, 2017 at 6:29 AM

: Btw, don't forget the last acceptance criterion. Deployments service should also receive a vendor update.

eystein.maloy.stenberg September 11, 2017 at 9:42 PM

https://github.com/mendersoftware/meta-mender/pull/372

Acceptance test failing, estimates 2-3 SP left.

Fixed

Details

Assignee

Reporter

Labels

Story Points

Priority

Fix versions

Sprint

Backlog

yes

Zendesk Support

Checklist

Created September 5, 2017 at 7:04 AM
Updated June 25, 2024 at 12:02 PM
Resolved September 28, 2017 at 5:06 PM