ISO self-verification is insecure

Bug #1603801 reported by Thomas Mayer on 2016-07-17
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-website-content
Undecided
Unassigned

Bug Description

https://help.ubuntu.com/community/VerifyIsoHowto#While_booting states that users should verify a disk by booting from the disk and using binaries on disk for verification.

While I go along that this is sufficiant to check against random errors (transmission/storage), I think this would be a stupid way to check against a willingly compromised media.

Proof-of-concept:
IF an attacker (e.g. MITM, CD-Shop, download mirror etc.) can manipulate an ISO THEN he or she also can manipulate hashing tools like md5sum, shasum, sha256sum.

The hashing tool could e.g. always output the original hash of the ISO. Or, more sophisticated, do this only if the incoming file has known properties like a known file size. As a result, verification is passed although it should not pass for a compromised media.

There should at least be a warning on the web site, otherwise users feel in non-existent safety.

Thomas Mayer (thomas303) on 2016-08-29
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers