1

Applications (e.g. Firefox) often include a root CA bundle file containing trusted certificates.

How can I protect those files from malicious agents trying to modify them? I think signing is not an option because they could also replace the public key used for verification.

Is access control the only protection against fraudulent certificate injection in Firefox and similar applications, or is there some other mechanism in place?

fbbdev

1 Answer

1

root or Administrator access is usually required to modify the CA bundles. If an attacker has gained that level of access, it's game over. Defending against such a scenario is almost impossible as there are many other things the attacker can do.

Now, for the very specific case of SuperFish, browsers (and other applications) can push updates to reject that particular certificate, but that's only because SuperFish incompetently reuses the same certificate across all devices. A more sophisticated attack is much harder to defend against.

  • 1
    I asked because I need to ship a CA bundle with my own application, and I need to know which are the standard protection methods. Knowing that an attacker with root access and sufficient skills can easily circumvent encryption and signatures, does it still make sense to employ such measures? – fbbdev Mar 01 '15 at 11:59
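
An added example, not code from any poster or from Firefox: a detection-side check for a shipped CA bundle that combines the two mechanisms discussed in this thread, access control on the file and rejecting a known-bad certificate by fingerprint. All function names are hypothetical, the PEM blocks are constructed placeholders rather than real X.509 certificates, and the permission check assumes POSIX mode bits.

```python
import base64, hashlib, os, re, stat

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(bundle_text):
    """Return the set of SHA-256 fingerprints (hex) over each entry's DER bytes."""
    fps = set()
    for body in PEM_RE.findall(bundle_text):
        der = base64.b64decode("".join(body.split()))
        fps.add(hashlib.sha256(der).hexdigest())
    return fps

def audit_bundle(bundle_text, baseline, blocklist):
    """Compare a bundle on disk with the fingerprints recorded at release time."""
    found = pem_fingerprints(bundle_text)
    return {
        "added": sorted(found - baseline),     # entries injected after release
        "missing": sorted(baseline - found),   # entries removed after release
        "blocked": sorted(found & blocklist),  # entries pushed as rejected
    }

def loosely_writable(path):
    """True if group or others may write the file (access control too weak)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def fake_pem(payload):
    # Constructed placeholder: arbitrary bytes in PEM armour, not a real certificate.
    b64 = base64.encodebytes(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed sample data: the bundle as shipped, and a copy with one extra root.
SHIPPED = fake_pem(b"constructed-root-A") + fake_pem(b"constructed-root-B")
BASELINE = pem_fingerprints(SHIPPED)
INJECTED = b"constructed-injected-root"
TAMPERED = SHIPPED + fake_pem(INJECTED)
BLOCKLIST = {hashlib.sha256(INJECTED).hexdigest()}

if __name__ == "__main__":
    print(audit_bundle(SHIPPED, BASELINE, BLOCKLIST))
    print(audit_bundle(TAMPERED, BASELINE, BLOCKLIST))
```

A baseline kept on the same machine is only as trustworthy as the access control around it, which is the limit the answer describes.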