[Catalog-sig] [PSF-Members] Howto Guide for MITM attacks on PyPI

Donald Stufft donald.stufft at gmail.com
Mon Feb 4 13:20:06 CET 2013 

On Monday, February 4, 2013 at 5:51 AM, Lennart Regebro wrote:
> I cc:d catalog-sig, aiming to move the dicussion there.
> 
> On Mon, Feb 4, 2013 at 11:40 AM, Christian Heimes <christian at python.org (mailto:christian at python.org)> wrote:
> > * Package creator provides her public key somehow (a PKI is tricky and
> > hard to get right)
> > 
> 
> 
> This breaks it. It can't be "somehow".
> 
> For example, I'm currently working on a project I call "Hovercraft".
> It has four dependencies: Distribute/Setuptools, docutils, lxml and
> svg.path.
> 
> I'm the author of svg.path, so including the Hovercraft package
> itself, that's five packages with four sources and four different
> public keys. If you need to go and find these public keys "somehow"
> before pip will download and install the packages, pip will become
> practically useless, as you for a practical use of it have to find
> hundreds of separate public keys. It will be come almost practically
> impossible to download and install packages securely.
> 
> Since pip in such a situation would be useless we would have to allow
> pip to install packages without checking for signatures, which then
> will be how everybody will use it, making that whole security feature
> unused and useless.
> 
> So that doesn't work. PyPI *has* to be made reliable in as much as we
> must be able to trust PyPI to either send us the correct file, or
> trust it to give us information that we can verify that it is the
> correct file, automatically. If it can't be made reliable then it has
> to be replaced.
> 
> 

Stopping MITM (Assuming this is about the post on Reddit) is as
simple as getting a real trusted SSL cert on PyPI and enforcing
that all access to PyPI is done via SSL. (Through redirects and
HSTS). During that time the various *downloaders* can be made
to verify SSL one way or another.

Additionally there is a type of MITM attack that can be done
by spoofing a DNS entry. Unfortunately the only real way to
protect against that currently is to either change the expected
protocol of PyPI and it's mirrors (by enforcing some sort of
repository level signing) or by ensuring that DNS is served
w/ DNSSEC (which doesn't have super good adoption yet
as far as DNS Servers in the wild go, however I was going
to experiment with forcing dns resolution in Python to validate
via DNSSEC).

There can be more work in the future in making a reasonable
end to end validation story possible however there are a few
clear and easy wins especially with related to getting a real
trusted SSL certificate paid for and installed and enforcing
SSL.
> 
> //Lennart
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org (mailto:Catalog-SIG at python.org)
> http://mail.python.org/mailman/listinfo/catalog-sig
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130204/8f5d9441/attachment.html>

More information about the Catalog-SIG mailing list