librsync and rsync vulnerability to maliciously crafted data.
was Re: MD4 checksum_seed
Donovan Baarda
abo at minkirri.apana.org.au
Thu Apr 8 10:30:37 GMT 2004
G'day,
From: "Eran Tromer" <rsync2eran at tromer.org>
[...]
> > librsync needs a whole file checksum. Without it, it silently fails for
> > case 1), 3), and 4).
> >
> > librsync could benefit from a random checksum_seed. It would need to be
> > included in the signature. Without it librsync is vulnerable to cases 1)
> > and 3).
> [snip]
> > rsync shouldn't need a fixed seed for batch modes... just store the seed
> > in the signature. using a fixed seed makes it vulnerable to 1) and 3).
>
> I fully agree with your analysis.
> I'll just note that in many situations, case 2 can be elevated to case 3
> simply by transferring the file twice.
Yeah... did you see my followup post about the posiblity of using the
whole-file checksum as the checksum_seed for the blocksums? I think it would
be a good idea for librsync. It does require a double-parse to generate the
signature, but is otherwise quite nice.
----------------------------------------------------------------
Donovan Baarda http://minkirri.apana.org.au/~abo/
----------------------------------------------------------------
More information about the rsync
mailing list