security issue with signing files

[David Shaw]

--0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 24, 2001 at 11:42:24PM +0800, Kent Tong wrote:
> Dear all,
>=20
> Suppose a user is about to sign a file that he has just viewed, but someo=
ne
> else modifies the files over the network, then he will sign over the
> arbitrary
> contents written by anyone who has write access? How to solve this
> problem? This is a common case when the superior is reviewing and signing
> a document (in a shared project folder) created by a subordinate.

This sort of race condition is a general difficulty in many
security-related applications.

GnuPG, quite properly, is going to sign whatever it reads, so the
trick is to guarantee that you give it only what you want it to sign.
There is no one perfect solution for this - you need to look at your
own situation and make sure that any proposed solution addresses that
situation.

All that said, a possible solution to your problem is to make a local
copy of the file to be signed in a place that only you can write to,
and verify that local copy is the one you want to sign before signing
it.  Is that perfectly secure?  No.  It just changes the threat
model.  Only you can decide if it changes it enough to make your
application safe enough.

Another way to approach the problem is a program that reads the file
into memory, shows it to you for approval, then pipes it directly from
memory to GnuPG for signing.  This has the advantage of raising the
bar fairly high for an attacker - it is harder (but again, not
impossible) to modify the memory of a running process.

On the brighter side, if you have an attacker that can modify the
memory of a running process or replace files on media that "only you"
can write to, you have other things to worry about :)

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--0OAP2g/MAC+5xKAE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6b (GNU/Linux)

iQEVAwUBO//akYccwqs8s7QVAQHb9wf+NHB3M+sK21nPLBolvzjVCzJgVI6mzaJ1
1Y6Av1DbZnAuOMeYbfowcbimHa043ql1bQjK7DfXJaBwsFNSBrdfhZlTBUAbWgAH
sBy9XouA52oFh0+GmwrfWhcTgJCHTNNIyFXknV6ZzmVMjMbwct9Kxbmp/9Q/FVLU
tq3hd5P0kHEP8tPcYzfQe55Q6dG9HUhC8RgcrRpoF4s92cOeZVcWpuN9ATOEIXAw
SG/AtViOhBhBPuRyeKS0EGuzOn3oMdZEqMxVpoop/J9hBk0oJ8a2bzaIFDtDt7KU
5Yg624xidz4qrLIBFerK11fETQNsHLhMKBICYCMVGHKdEAaM8QqsTw==
=H35A
-----END PGP SIGNATURE-----

--0OAP2g/MAC+5xKAE--