Package: obnam Version: 1.6.1-1 Severity: important Tags: security Here's a feasible attack on obnam due to its use of md5.
1. Generate a a binary that is modified to contain a md5
colliding section.
(Trivial.)
2. Find ways to upload files to lots of Debian systems that I want to
attack later.
This can be as simple as sending an email to a mailing list[1].
Or could as tricky as posting a comment to a blog that's full of
binary spam.
Use these methods to get the evil version of my binary onto the
system's disk, it doesn't matter where on disk it's put.
(Trivial.)
3. Some of those systems will be backed up with obnam. If the alignment
gods are smiling (or if obnam uses rolling checksums?), the
data I sent will start at the start of a block, so the colliding md5
will be used by obnam.
(Requires luck, but it's easy to cast a wide net in step 2.)
4. Become Debian maintainer, ideally using a throwaway account
or the old transnational republic ID card.
Upload a Debian package containing the good version of my binary.
(Trivial.)
6. Systems will back that up with obnam. Except, it has the same md5,
so they'll reuse the data from the evil version that was previously
backed up in step 3.
7. Wait for the backups to be restored, and game over.
Due to this attack, I would much, much prefer obnam to use a hash
that has good collision resistence. I suggest SHA-2 (possibly the 512
version as that's supposed to be faster on 64 bit), or possibly Skein.
MD5 is the worst possible choice, and SHA-1 is not a wise choice.
I would also recommend parametizing the hash used by obnam, so that
if whatever hash you choose gets broken later, it can easily switch to
its replacement.
Workarounds:
use --deduplicate=never (wastes disk space)
or --deduplicate=verify (expensive over a network)
or avoid restoring (at least) distribution provided files from obnam backups
or use something like tripwire to layer better checksums on top,
and verify that a restore restored the right versions of files before
using it
or separate different file sources (system, web, email etc) into
separate obnam repositories
--
see shy jo
[1] Such as this one?! Eeek. Better check the headers for anything suspicious..
signature.asc
Description: Digital signature
