Change to librsync

Change to librsync

Frank Crawford
Folks,

By the looks of it, the following security change to librsync will have
some effect on rdiff-backup:

====
Changes in librsync 1.0.0 (2015-01-23)

* SECURITY: CVE-2014-8242: librsync previously used a truncated MD4
"strong" check sum to match blocks. However, MD4 is not
cryptographically strong. It's possible that an attacker who can control
the contents of one part of a file could use it to control other regions
of the file, if it's transferred using librsync/rdiff. For example this
might occur in a database, mailbox, or VM image containing some
attacker-controlled data.

To mitigate this issue, signatures will by default be computed with a
256-bit BLAKE2 hash. Old versions of librsync will complain about a bad
magic number when given these signature files.

Backward compatibility can be obtained using the new
`rdiff sig --hash=md4`
option or through specifying the "signature magic" in the API, but this
should not be used when either the old or new file contain untrusted
data.

Deltas generated from those signatures will also use BLAKE2 during
generation, but produce output that can be read by old versions.

See https://github.com/librsync/librsync/issues/5

Thanks to Michael Samuel <miknet.net> for reporting this and offering an
initial patch.
====

So, does anyone know what the effect will be on rdiff-backup?

Regards
Frank


_______________________________________________
rdiff-backup-users mailing list at [hidden email]
https://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
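
The changelog quoted in this post ties the hash in use to the signature file's magic number. The following is an added example, not code from the thread, librsync or rdiff-backup: it reads the 12-byte header of an rdiff signature file and flags an MD4 or truncated strong sum. The two magic constants and the header layout (magic, block length, strong-sum length, all big-endian) are taken from librsync.h; the function names and sample files are constructed for illustration.

```python
import struct

# Signature magic values as defined in librsync.h (stored big-endian).
SIG_MAGICS = {
    0x72730136: "md4",     # RS_MD4_SIG_MAGIC: the pre-1.0.0 signature format
    0x72730137: "blake2",  # RS_BLAKE2_SIG_MAGIC: the default from 1.0.0 on
}
FULL_LEN = {"md4": 16, "blake2": 32}  # untruncated digest sizes in bytes
HEADER = struct.Struct(">III")        # magic, block_len, strong_sum_len


def audit_signature(data: bytes) -> dict:
    """Parse a signature header and report weak strong-sum settings."""
    if len(data) < HEADER.size:
        raise ValueError("too short for a librsync signature header")
    magic, block_len, strong_len = HEADER.unpack_from(data)
    if magic not in SIG_MAGICS:
        raise ValueError(f"not a known signature magic: 0x{magic:08x}")
    strong = SIG_MAGICS[magic]
    if not 0 < strong_len <= FULL_LEN[strong]:
        raise ValueError(f"invalid strong sum length {strong_len}")
    findings = []
    if strong == "md4":
        findings.append("MD4 strong sum: avoid when files hold untrusted data")
    if strong_len < FULL_LEN[strong]:
        findings.append(f"strong sum truncated to {strong_len} bytes")
    # Each block entry is a 4-byte weak sum followed by the strong sum.
    entry = 4 + strong_len
    body = len(data) - HEADER.size
    if body % entry:
        findings.append("partial trailing block entry (file cut short?)")
    return {"strong": strong, "block_len": block_len,
            "strong_len": strong_len, "blocks": body // entry,
            "findings": findings}


def make_sample(magic: int, block_len: int, strong_len: int, blocks: int) -> bytes:
    """Constructed sample: a header plus zero-filled block entries."""
    return HEADER.pack(magic, block_len, strong_len) + bytes((4 + strong_len) * blocks)


if __name__ == "__main__":
    samples = {
        "old.sig": make_sample(0x72730136, 2048, 8, 3),   # constructed: truncated MD4
        "new.sig": make_sample(0x72730137, 2048, 32, 3),  # constructed: 256-bit BLAKE2
    }
    for name, sig in samples.items():
        print(name, audit_signature(sig))
```

Run over a directory of stored `.sig` files, a check like this shows which ones would need regenerating with the BLAKE2 default.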

Re: Change to librsync

Robert Nichols-2
On 02/21/2015 09:05 PM, Frank Crawford wrote:

> Folks,
>
> By the looks of it, the following security change to librsync will have
> some effect on rdiff-backup:
>
> ====
> Changes in librsync 1.0.0 (2015-01-23)
>
> * SECURITY: CVE-2014-8242: librsync previously used a truncated MD4
> "strong" check sum to match blocks. However, MD4 is not
> cryptographically strong. It's possible that an attacker who can control
> the contents of one part of a file could use it to control other regions
> of the file, if it's transferred using librsync/rdiff. For example this
> might occur in a database, mailbox, or VM image containing some
> attacker-controlled data.
>
> To mitigate this issue, signatures will by default be computed with a
> 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad
> magic number when given these signature files.
[SNIP]
> So, does anyone know what the effect will be on rdiff-backup?

The only sums that rdiff-backup retains are SHA1 sums, so I doubt that
whatever librsync uses internally would have any effect.

--
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

