Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cksum: --check is vulnerable, doesn't actually check #6379

Open
BenWiederhake opened this issue May 7, 2024 · 0 comments
Open

cksum: --check is vulnerable, doesn't actually check #6379

BenWiederhake opened this issue May 7, 2024 · 0 comments
Assignees
@sylvestre
Labels
U - cksum

Comments

@BenWiederhake
Copy link
Collaborator

BenWiederhake commented May 7, 2024
edited

Since #6256, we accept -c, and callers think that we actually verify the checksum of some files. However, we always exit with 0, yielding obvious false-positives like this:

$ cargo run -q cksum -a md5 /dev/null # Setup
MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
$ cat <<EOF >foo.sums # More setup
> MD5 (/dev/null) = d400000000000000000000000000007e
> EOF
$ cksum -a md5 -c foo.sums # Should reject
/dev/null: FAILED
cksum: WARNING: 1 computed checksum did NOT match
[$? = 1]
$ cargo run -q cksum -a md5 -c foo.sums # But we accept?!
MD5 (foo.sums) = 396bec11fe90bdaf047158984c99546c
$

This is a bad situation. Let's either actually support -c or not support it, but "accepting the argument and ignoring it" is a security disaster waiting to happen. This is already planned to be fixed, and perhaps even partially finished. This issue exists because I'm paranoid that we might still somehow forget to do it :D
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sylvestre sylvestre

Labels
U - cksum
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sylvestre @BenWiederhake