Add FAQ entry on how Cygwin counters install and update MITM attacks
* faq-setup.xml: Document how Cygwin secures installation and update against man-in-the-middle (MITM) attacks. Note that setup embeds a public key to check the signature of setup.ini, and that setup.ini includes SHA-512 cryptographic hashes.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
committed by Corinna Vinschen
parent 383ff5fc47
commit f33e34f333
			| @@ -1,3 +1,10 @@ | |||||||
|  | 2015-04-02  David A. Wheeler  <dwheeler@dwheeler.com> | ||||||
|  |  | ||||||
|  | 	* faq-setup.xml: Document how Cygwin secures installation and | ||||||
|  | 	update against man-in-the-middle (MITM) attacks.  Note that | ||||||
|  | 	setup embeds a public key to check the signature of setup.ini, | ||||||
|  | 	and that setup.ini includes SHA-512 cryptographic hashes. | ||||||
|  |  | ||||||
| 2015-03-31  Jon TURNEY  <jon.turney@dronecode.org.uk> | 2015-03-31  Jon TURNEY  <jon.turney@dronecode.org.uk> | ||||||
|  |  | ||||||
| 	* misc-funcs.xml (cygwin_internal): Correct return type. | 	* misc-funcs.xml (cygwin_internal): Correct return type. | ||||||
|   | |||||||
| @@ -156,6 +156,120 @@ and that installing the older version will not help improve Cygwin. | |||||||
| </para> | </para> | ||||||
| </answer></qandaentry> | </answer></qandaentry> | ||||||
|  |  | ||||||
|  | <qandaentry id="faq.setup.install-security"> | ||||||
|  | <question><para>How does Cygwin secure the installation and update process?</para></question> | ||||||
|  | <answer> | ||||||
|  |  | ||||||
|  | <para> | ||||||
|  | Here is how Cygwin secures the installation and update process to counter | ||||||
|  | <ulink url="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle (MITM) attacks</ulink>: | ||||||
|  | </para> | ||||||
|  |  | ||||||
|  | <orderedlist> | ||||||
|  | <listitem><para>The Cygwin website provides the setup program | ||||||
|  | (<literal>setup-x86.exe</literal> or <literal>setup-x86_64.exe</literal>) | ||||||
|  | using HTTPS (SSL/TLS). | ||||||
|  | This authenticates that the setup program | ||||||
|  | came from the Cygwin website | ||||||
|  | (users simply use their web browsers to download the setup program). | ||||||
|  | You can use tools like Qualsys' SSL Server Test, | ||||||
|  | <ulink url="https://www.ssllabs.com/ssltest/"/>, | ||||||
|  | to check the HTTPS configuration of Cygwin. | ||||||
|  | The cygwin.com site supports HTTP Strict Transport Security (HSTS), | ||||||
|  | which forces the browser to keep using HTTPS once the browser has seen | ||||||
|  | it before (this counters many downgrade attacks). | ||||||
|  | </para></listitem> | ||||||
|  | <listitem><para>The setup program has the | ||||||
|  | Cygwin public key embedded in it. | ||||||
|  | The Cygwin public key is protected from attacker subversion | ||||||
|  | during transmission by the previous step, and this public | ||||||
|  | key is then used to protect all later steps. | ||||||
|  | You can confirm that the key is in setup by looking at the setup project | ||||||
|  | (<ulink url="http://sourceware.org/cygwin-apps/setup.html"/>) | ||||||
|  | source code file <literal>cyg-pubkey.h</literal> | ||||||
|  | (the key is automatically generated from file <literal>cygwin.pub</literal>). | ||||||
|  | </para></listitem> | ||||||
|  | <listitem><para>The setup program downloads | ||||||
|  | the package list <literal>setup.ini</literal> from a mirror | ||||||
|  | and checks its digital signature. | ||||||
|  | The package list is in the file | ||||||
|  | <literal>setup.bz2</literal> (compressed) or | ||||||
|  | <literal>setup.ini</literal> (uncompressed) on the selected mirror. | ||||||
|  | The package list includes for every official Cygwin package | ||||||
|  | the package name, cryptographic hash, and length (in bytes). | ||||||
|  | The setup program also gets the relevant <literal>.sig</literal> | ||||||
|  | (signature) file for that package list, and checks that the package list | ||||||
|  | is properly signed with the Cygwin public key embedded in the setup program. | ||||||
|  | A mirror could corrupt the package list and/or signature, but this | ||||||
|  | would be detected by setup program's signature detection | ||||||
|  | (unless you use the <literal>-X</literal> option to disable signature checking). | ||||||
|  | The setup program also checks the package list | ||||||
|  | timestamp/version and reports to the user if the file | ||||||
|  | goes backwards in time; that process detects downgrade attacks | ||||||
|  | (e.g., where an attacker subverts a mirror to send a signed package list | ||||||
|  | that is older than the currently-downloaded version). | ||||||
|  | </para></listitem> | ||||||
|  | <listitem><para>The packages to be installed | ||||||
|  | (which may be updates) are downloaded and both their | ||||||
|  | lengths and cryptographic hashes | ||||||
|  | (from the signed <literal>setup.{bz2,ini}</literal> file) are checked. | ||||||
|  | Non-matching packages are rejected, countering any attacker's | ||||||
|  | attempt to subvert the files on a mirror. | ||||||
|  | Cygwin currently uses the cryptographic hash function SHA-512 | ||||||
|  | for the <literal>setup.ini</literal> files. | ||||||
|  | </para></listitem> | ||||||
|  | </orderedlist> | ||||||
|  |  | ||||||
|  | <para> | ||||||
|  | Cygwin uses the cryptographic hash algorithm SHA-512 as of 2015-03-23. | ||||||
|  | The earlier 2015-02-06 update of the setup program added support for SHA-512 | ||||||
|  | (Cygwin previously used MD5). | ||||||
|  | There are no known practical exploits of SHA-512 (SHA-512 is part of the | ||||||
|  | widely-used SHA-2 suite of cryptographic hashes). | ||||||
|  | </para> | ||||||
|  |  | ||||||
|  | </answer></qandaentry> | ||||||
|  |  | ||||||
|  | <qandaentry id="faq.setup.increase-install-security"> | ||||||
|  | <question><para>What else can I do to ensure that my installation and updates are secure?</para></question> | ||||||
|  | <answer> | ||||||
|  |  | ||||||
|  | <para> | ||||||
|  | To best secure your installation and update process, download | ||||||
|  | the setup program <literal>setup-x86.exe</literal> (32-bit) or | ||||||
|  | <literal>setup-x86_64.exe</literal> (64-bit), and then | ||||||
|  | check its signature (using a signature-checking tool you trust) | ||||||
|  | using the Cygwin public key | ||||||
|  | (<ulink url="https://cygwin.com/key/pubring.asc"/>). | ||||||
|  | This was noted on the front page for installing and updating. | ||||||
|  | </para> | ||||||
|  | <para> | ||||||
|  | If you use the actual Cygwin public key, and have an existing secure | ||||||
|  | signature-checking process, you will counter many other | ||||||
|  | attacks such as subversion of the Cygwin website and | ||||||
|  | malicious certificates issued by untrustworthy certificate authorities (CAs). | ||||||
|  | One challenge, of course, is ensuring that | ||||||
|  | you have the actual Cygwin public key. | ||||||
|  | You can increase confidence in the Cygwin public key by checking older copies | ||||||
|  | of the Cygwin public key (to see if it's been the same over time). | ||||||
|  | Another challenge is having a secure signature-checking process. | ||||||
|  | You can use GnuPG to check signatures; if you have a trusted Cygwin | ||||||
|  | installation you can install GnuPG. | ||||||
|  | Otherwise, to check the signature you must use an existing trusted tool or | ||||||
|  | install a signature-checking tool you can trust. | ||||||
|  | </para> | ||||||
|  | <para> | ||||||
|  | Not everyone will go through this additional effort, | ||||||
|  | but we make it possible for those who want that extra confidence. | ||||||
|  | We also provide automatic mechanisms | ||||||
|  | (such as our use of HTTPS) for those with limited time and | ||||||
|  | do not want to perform the signature checking on the setup program itself. | ||||||
|  | Once the correct setup program is running, it will counter other attacks | ||||||
|  | as described in | ||||||
|  | <ulink url="https://cygwin.com/faq/faq.html#faq.setup.install-security"/>. | ||||||
|  | </para> | ||||||
|  | </answer></qandaentry> | ||||||
|  |  | ||||||
| <qandaentry id="faq.setup.virus"> | <qandaentry id="faq.setup.virus"> | ||||||
| <question><para>Is Cygwin Setup, or one of the packages, infected with a virus?</para></question> | <question><para>Is Cygwin Setup, or one of the packages, infected with a virus?</para></question> | ||||||
| <answer> | <answer> | ||||||
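Review bot: A few wording and consistency points in the new faq.setup.install-security and faq.setup.increase-install-security entries. "Qualsys' SSL Server Test" should read "Qualys' SSL Server Test" (the vendor is Qualys). "would be detected by setup program's signature detection" should be "would be detected by the setup program's signature verification", since the step is verifying a signature, not detecting one. "for those with limited time and do not want to perform the signature checking" is missing a subject; suggest "for those who have limited time and do not want to perform the signature checking". The sentence "Cygwin currently uses the cryptographic hash function SHA-512 for the setup.ini files" at the end of the fourth list item duplicates the paragraph right after the list ("Cygwin uses the cryptographic hash algorithm SHA-512 as of 2015-03-23"); keep one of the two. Finally, the setup project link uses plain http://sourceware.org/cygwin-apps/setup.html in an entry whose point is that HTTPS authenticates what the user downloads; if sourceware.org serves that page over HTTPS, use https:// here for consistency with the argument.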
| @@ -197,8 +311,13 @@ disk if you are paranoid. | |||||||
| </orderedlist> | </orderedlist> | ||||||
|  |  | ||||||
| <para>This should be safe, but only if Cygwin Setup is not substituted by | <para>This should be safe, but only if Cygwin Setup is not substituted by | ||||||
| something malicious, and no mirror has been compromised. | something malicious. | ||||||
|  | See also | ||||||
|  | <ulink url="https://cygwin.com/faq/faq.html#faq.setup.install-security"/> | ||||||
|  | for a description of how the | ||||||
|  | Cygwin project counters man-in-the-middle (MITM) attacks. | ||||||
| </para> | </para> | ||||||
|  |  | ||||||
| <para>See also <ulink url="https://cygwin.com/faq/faq.html#faq.using.bloda"/> | <para>See also <ulink url="https://cygwin.com/faq/faq.html#faq.using.bloda"/> | ||||||
| for a list of applications that have been known, at one time or another, to | for a list of applications that have been known, at one time or another, to | ||||||
| interfere with the normal functioning of Cygwin. | interfere with the normal functioning of Cygwin. | ||||||
|   | |||||||
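Review bot: Dropping "and no mirror has been compromised" from this paragraph is only justified while signature checking is active; the new install-security entry itself notes that the -X option disables the setup.ini signature check, in which case a compromised mirror is again a risk. Suggest keeping a short qualifier, e.g. "something malicious, and signature checking has not been disabled with -X", alongside the new cross-reference.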