Secure update mechanism #26

rlee287 · 2016-11-27T06:30:40Z

Feature Request

Description of feature:

1. Pyautoupdate needs some mechanism for securing the downloading of files from the internet.
2. Symlink and duplicate file checks are needed to detect duplicate files and handle symlinks properly.

Rationale for feature:

Without any kind of securing, a MITM attack could easily inject malicious code into an update.
Duplicate files may cause problems and unpredictability. Moreover, symlink attacks could potentially be used to overwrite critical system files.

Possible implementation:

requests can already handle HTTPS properly. This could be mandated. In addition, protocols such as SFTP or SSH could also be used.
Duplicates can be checked for and removed during replacing process (emitting warnings as well)

The text was updated successfully, but these errors were encountered:

rlee287 · 2017-01-23T07:16:40Z

Turning into general checklist for securing the update chain.

rlee287 · 2017-02-10T06:52:46Z

For point 1:

Disallow HTTP, allow only HTTPS
Possibly allow SFTP or other secure protocls
Use pycrypto to support code signatures (verify identity while secure transfer can only verify integrity?)