
Stefan Seefeld wrote:
> Rene Rivera wrote:
>> OK, got that. But my point was that there is no such thing as passive data when you distribute programs, or fragments thereof.
> When I download a tar.bz file there isn't *anything* anybody can do with that file. It's simply not executable. Setting the executable bit will just cause the system to throw up its hands with an error message.

But that has nothing to do with someone tampering with the source code that is in the archive, which users compile and execute. If someone inserts malicious code in the archive it will be at least as dangerous as the executable you use to extract the archive, even if it is part of a self-extracting archive.

> Providing the 'convenience' of self-executability is just a huge disservice to all potential recipients, at least when security is an issue.

And what I said is that if security is an issue no amount of fudging of the "integrity" of the archives gets around the, *currently*, inherently insecure process of producing and posting the archives.

> And, as far as tampering goes, what's wrong with checksums?

If you don't secure the checksums themselves, they are equally susceptible to tampering, i.e. the attacker can produce "correct" checksums for the compromised archives.

> All you are interested in is to know that the file you downloaded is identical to the one your trusted peer packaged for you.

That requires that you provide cryptographically verifiable confirmation that the content has not changed. Like a verified tamper-proof crypto signature procedure, easier said than done. You have to consider the security of the originating device (computer+human+software), the destination device, and all the devices in between (the SF servers, routers, etc). For more detail on what can and can't be done read some of Schneier's articles: http://www.schneier.com/ - For example this essay: http://www.schneier.com/essay-037.html Why Cryptography Is Harder Than It Looks

-- 
-- Grafik - Don't Assume Anything
-- Redshift Software, Inc. - http://redshift-software.com
-- rrivera/acm.org - grafik/redshift-software.com - 102708583/icq
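The two points Rene makes above, that a checksum posted next to the archive is no protection against whoever controls the server, and that a signature checked against a key obtained out of band is, can be shown end to end in code. The following Go program is an added example and is not part of the thread, of Boost, or of SourceForge: it models a publisher, a hostile mirror, and a downloader with constructed sample archive bytes, uses Ed25519 from the standard library as the signature scheme (the thread names no particular algorithm), and assumes the downloader already holds the publisher's public key from somewhere other than the download site. It deliberately does not model the other risk Rene raises, a compromised originating machine; if the signing key itself is stolen, the signature check below passes on whatever the thief signs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what gets posted for download: the archive plus the integrity
// metadata that travels over the same channel as the archive itself.
type Release struct {
	Archive   []byte
	Checksum  string // hex SHA-256 of Archive, posted beside it
	Signature []byte // Ed25519 signature over Archive, posted beside it
}

// Publish is the trusted peer's side: hash the archive and sign it with a
// private key that never leaves the publisher's machine.
func Publish(priv ed25519.PrivateKey, archive []byte) Release {
	sum := sha256.Sum256(archive)
	return Release{
		Archive:   archive,
		Checksum:  hex.EncodeToString(sum[:]),
		Signature: ed25519.Sign(priv, archive),
	}
}

// Tamper models an attacker who controls the hosting server or any hop in
// between. Swapping the archive is trivial, and since the checksum is just
// another file on the same server they recompute it to match. They have no
// signing key, so the best they can do is leave the stale signature in place.
func Tamper(r Release, trojaned []byte) Release {
	sum := sha256.Sum256(trojaned)
	return Release{
		Archive:   trojaned,
		Checksum:  hex.EncodeToString(sum[:]),
		Signature: r.Signature, // cannot be regenerated without the private key
	}
}

// VerifyChecksum is all that "just use checksums" buys the downloader: proof
// that the archive matches whatever checksum arrived over the same channel.
func VerifyChecksum(r Release) bool {
	sum := sha256.Sum256(r.Archive)
	return hex.EncodeToString(sum[:]) == r.Checksum
}

// VerifySignature checks the archive against a public key the downloader got
// out of band (a fingerprint exchanged in person, a key shipped with an
// earlier trusted release), never from the download site itself.
func VerifySignature(pub ed25519.PublicKey, r Release) bool {
	return ed25519.Verify(pub, r.Archive, r.Signature)
}

// Scenario runs the whole exchange on constructed sample data and reports
// (checksum accepts tampered, signature accepts tampered, signature accepts genuine).
func Scenario() (checksumAcceptsTampered, sigAcceptsTampered, sigAcceptsGenuine bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	// Constructed placeholder bytes standing in for a real source archive.
	genuine := []byte("example.tar.bz2: constructed genuine archive contents")
	trojaned := []byte("example.tar.bz2: constructed contents with a backdoor inserted")

	release := Publish(priv, genuine)
	hostile := Tamper(release, trojaned)

	return VerifyChecksum(hostile), VerifySignature(pub, hostile), VerifySignature(pub, release), nil
}

func main() {
	ck, sigBad, sigGood, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("checksum accepts tampered archive:", ck)       // true
	fmt.Println("signature accepts tampered archive:", sigBad)  // false
	fmt.Println("signature accepts genuine archive:", sigGood)  // true
}
```

The checksum check succeeds on the tampered release because the attacker published a checksum for the archive they served; the signature check fails because the archive no longer matches what the holder of the private key signed. Moving the checksum file to a second server only raises the bar to compromising both; only the out-of-band key, and the security of the machine that holds the private half, actually anchors the trust.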