Changeset 2302


Ignore:
Timestamp:
Sep 2, 2013, 4:24:09 PM (6 years ago)
Author:
matthijs
Message:

luci: Do not allow unsigned applications from fonosfera.org

When running a dev version, it is possible to upload application
tarballs through the webui and installing them even though they are not
signed. However, this policy also extended to the applications that can
be automatically downloaded from download.fonosfera.org.

Since there is never a valid reason for those applications to be
unsigned, it is better to require them to be signed always. This
prevents the possibility of a man-in-the-middle attack that causes a
compromised, unsigned, application to be installed.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/luci/modules/admin-fon/luasrc/controller/fon_admin/fon_index.lua

    r1166 r2302  
    177177        local firmware = require("luci.model.uci").cursor():get("system", "fon", "firmware").."."..require("luci.model.uci").cursor():get("system", "fon", "revision")
    178178        local pl_file = "Plugins_"..device.."_"..firmware..".lua"
     179        local allow_unsigned = false
     180        if dev then
     181                allow_unsigned = true
     182        end
    179183
    180184        local file
     
    232236                                        file = feed..ple.plugins[i].name.."_"..ple.plugins[i].version.."_"..ple.plugins[i].device.."_"..ple.plugins[i].firmware.."_"..ple.plugins[i].signature..".tar.gz"
    233237                                end
     238                                allow_unsigned = false -- Never allow unsigned tarballs to be installed from the download server
    234239                                dl = os.execute("wget ".. file.." -qO "..tmpfile)
    235240                                redir = ple.plugins[i].redir
     
    274279                        local str, key, err = verify.fonidentify(tmpfile)
    275280                        local uci = require("luci.model.uci").cursor()
    276                         local allow_unsigned = false
    277                         local dev = uci:get("registered", "fonreg", "dev")
    278                         if dev == "1" then
    279                                 allow_unsigned = true
    280                         end
    281281                        if str ~= "hotfix" and str ~= "plugin" and str ~= "unsigned" then
    282282                                ret = "Failed to identify upload."
Note: See TracChangeset for help on using the changeset viewer.