Comments (5)
So.. this is how I solved in my use case.. It could possibly be a pattern of interest to other people...
Adding the version number to the verifier:
alkasir/alkasir@5d57cc6
And a Version number check in the client before even trying to accept a patch:
alkasir/alkasir@ca8a5c1
from go-update.
@thomasf Thanks for reporting this! I really appreciate it.
I will note that even when incorporating the version into the hash/signature calculations, an attacker who compromises the mechanism used to pull the metadata that describes 'the next available update' could still force a downgrade unless the second check for 'target version being higher than the current version' is implemented (which is difficult for a few reasons, timestamps are better). In short: compromising the update check could allow an attacker to return a valid tuple of [old version, old_signature, payload of old version] and circumvent this fix as well.
This kind of problem is avoided by using a more robust publishing/updating framework like TUF.
go-update's docs need to provide a security section explaining the threat model and the tradeoffs and compromises made in the design of the library.
In the meantime, this additional check will improve things, thanks again for sharing it.
from go-update.
I will implement the valid version check in my client using a semver library so that the client only accepts a semver version newer than itself.
from go-update.
Btw. I'm getting to this item some time tomorrow in the project I'm working on (which currently is being moved to https://github.com/alkasir/alkasir ).
from go-update.
Btw. would you like me to contribute https://github.com/alkasir/alkasir/blob/master/pkg/upgradebin/ed25519Verifier.go to go-update?
from go-update.
Related Issues (20)
- Quick Start Documentation HOT 1
- Tag release HOT 2
- can i get complete example program to understand self update usage? HOT 3
- Are you providing support for linux too? HOT 1
- Release osext as an independent package HOT 1
- Bug in Example? HOT 2
- Make switch of files more robust
- x HOT 1
- Wrong permissions HOT 1
- McAfee virus scanner cleans the new exe after update HOT 1
- example handler HOT 1
- Restart process after update HOT 3
- progress prompt
- Check directory permissions and throw an informative error when they are wrong
- Will this work inside a Macos dmg application? HOT 1
- Support go modules
- THIS PROJECT APPEARS TO BE UNMAINTAINED (details inside) HOT 2
- Equinox is shutting down on September 30th, 2021 HOT 1
- Self-update in parallel processes does not work properly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-update.