is It theoretically possible to hijack (I mean substitute on the fly) the fedora or ubuntu or windows packages upgrades if a cracker has owned the company's firewall/proxy ?
Asked
Active
Viewed 122 times
1 Answers
1
Trying to replace the packages with other files is certainly possible and even quite easy for an attacker who took control of the firewall or proxy. However, these packages are digitally signed with a private key which is owned by the people at the Fedora headquarters, and the attacker will not be able to forge that; his fake packages will be rejected by the Fedora systems which try to use them. This signature uses GnuPG; see this page for details.
Of course, such an attacker will still be able to prevent upgrades by simply blocking the relevant packages. This alone can be a problem, because it allows him to indefinitely extend the lifetime of known vulnerabilities.
Edit: the same applies for just about every other modern OS out there: they all use some sort of signature mechanism on authentic updates. Linux-based OS tend to use the OpenPGP format while Windows relies on derivatives from the X.509 world, e.g. authenticode; but that does not change the concept.
-
it's impossible to hijack the pubkey fedora (or ubuntu) repository ? – Luigi Aug 21 '13 at 16:05
-
It is not _impossible_ but you have to subvert some server which contains the private key. You cannot do that from a machine which is merely between the repository and the system which is to be updated, as your "company firewall/proxy". We do _hope_ that the people who sign the packages protect their machines properly. – Tom Leek Aug 21 '13 at 16:56