From bc06eb26c5f3d55a2185cb43087d91a7a0969ae8 Mon Sep 17 00:00:00 2001 From: Tasia Iso Date: Wed, 8 May 2024 17:12:33 +0200 Subject: [PATCH] a --- docs/drafts/.curlpipebash.md | 37 +++++++++++++++-------------- docs/drafts/.noscript.md | 5 ++++ docs/drafts/.tulpamancy.md | 2 ++ theme/images/badges/firefoxnow.gif | Bin 2322 -> 0 bytes theme/main.html | 12 ++++++---- 5 files changed, 34 insertions(+), 22 deletions(-) create mode 100644 docs/drafts/.noscript.md delete mode 100644 theme/images/badges/firefoxnow.gif diff --git a/docs/drafts/.curlpipebash.md b/docs/drafts/.curlpipebash.md index 0757a4a..ff9f0e4 100644 --- a/docs/drafts/.curlpipebash.md +++ b/docs/drafts/.curlpipebash.md @@ -1,5 +1,7 @@ # DRAFT: curl | bash +2024-05-08 + In April of 2024 I wrote a post on Fediverse explaining that using `curl | bash` was not a security risk. A bit later, I debated on the same subject on a Matrix channel. The other parties involved caused me to do some further research on the subject and led me to review my opinion. As one could imagine, it turns out that the answer actually is, "it depends". I based my original argument on the fact that you ultimately have to trust the person that provides you the code, which is true, but *incomplete*. 
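Review bot: the patch subject is just `a`, which says nothing about a change that touches three drafts, the theme template and a deleted badge image; a subject that names the change (for example `drafts: add dates, start noscript draft, drop firefox badge`) keeps `git log` usable. In the hunk itself, `2024-05-08` is inserted as a bare paragraph between the `# DRAFT: curl | bash` heading and the first paragraph, and the same line is added to the other two drafts in this patch. Since the site is built with mkdocs (see the footer in `theme/main.html`), putting the date in page metadata at the top of the file would let the theme render it uniformly instead of it being body text that reads differently on each page.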
@@ -52,15 +54,16 @@ This script installs the Determinate Nix installer, a Nix-based package manager. - `https://install.determinate.systems/nix`: The URL that points to an installation script; - `|`: If `curl` gets the script successfully, pass it on to the next command; - `sh`: Execute whatever `curl` gets from the server -- `-s`: -- `-- install`: -- ``: +- `-s`: +- `-- install`: +- ``: We can see that the script explicitly requires `curl` to use a secure connection. At first glance, this seeems like a secure way to run the installer. However, if the server is compromised in some way, we could be downloading malware instead. We can mitigate this risk by using a method used by most package managers, which is using 2 different servers with different functions: one that hosts the artifact's cryptographic hash or signature (here called *signing autohrity*), and another one that serves the artifact directly to us (here called *artifact provider*). This way, if either server is compromised, the software that's served to the client will not be verified and therefore not run. We can reduce the risk of getting both machines compromised at once by: + - Having them be controlled by 2 different entities (companies and/or persons); - Having them be managed by 2 different systems administrators; - Using different data centers, network routes, domains and SSL certificates; 
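Review bot: the three bullets at the end of the option list that are removed and re-added (the `-s` item, the `-- install` item and the item with an empty backtick pair) differ from the old lines only in trailing whitespace and still carry no description, so the hunk leaves the list exactly as incomplete as it was, and the last item has no option name at all. Fill them in or drop them: `-s` tells `sh` to read the script from standard input rather than from a file argument, and `--` ends `sh`'s own option parsing so that `install` reaches the script as `$1`. The blank line added before `- Having them be controlled by 2 different entities` is needed for that list to render, which is fine. While this section is being edited, the unchanged context just above has `seeems` and `autohrity` that could go in the same change.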
@@ -89,25 +92,27 @@ There's still other parameters that I won't bother bringing into the picture rig An example infrastructure would look like this: - Signing authority - - Managed by John Doe - - Hosted in DigitalOcean (Germany or Switzerland) - - NixOS - - HTTP server: Nginx - - Domain: `determinate.systems` + + - Managed by John Doe + - Hosted in DigitalOcean (Germany or Switzerland) + - NixOS + - HTTP server: Nginx + - Domain: `determinate.systems` - Artifact provider - - Managed by Jane Poe - - Hosted by a worldwide CDN (Hetzner) - - RHEL - - HTTP server: Apache - - Domain: `install-determinate.systems` or `install.determinate.systems` + - Managed by Jane Poe + - Hosted by a worldwide CDN (Hetzner) + - RHEL + - HTTP server: Apache + - Domain: `install-determinate.systems` or `install.determinate.systems` *This is not an endorsement for RHEL, Hetzner, Apache Web Server or even Determinate Systems; as of writing this, I've never tried them. I do very much endorse the use of NixOS however.* Now, compromising this part of the supply chain has become extremely hard. The attacker will either: + - Need technical competency (TODO) in NixOS, RHEL, Nginx and Apache, as well as compromising an entire CDN (TODO); - Compromise both of the sysadmin's machines through social engineering; -... + ... - Use several of the methods listed above. Now, it would be a lot more feasible to attack another part of the supply chain, which is a subject for another article. @@ -124,8 +129,4 @@ Making a shell script that leverages this infrastructure isn't actually hard at ### Method 1: Hash - - ### Method 2: PGP signature - - diff --git a/docs/drafts/.noscript.md b/docs/drafts/.noscript.md new file mode 100644 index 0000000..279f0a1 --- /dev/null +++ b/docs/drafts/.noscript.md @@ -0,0 +1,5 @@ +# Disabling JavaScirpt + +2024-05-08 + +A bit ago I found this article where a person didsabled JavaScript on their browser by default 
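Review bot: in the attacker list, `-...` becomes `+ ...`, a single-space-indented `...` line sitting between two bullets; Markdown will render that either as a continuation of the `- Compromise both of the sysadmin's machines through social engineering;` item or as a stray paragraph, not as the "and so on" it is meant to be. Either make it a real bullet or fold it into the last one (`- Use several of the methods listed above, or any combination of them.`). The two `(TODO)` markers on the `Need technical competency (TODO) in NixOS, RHEL, Nginx and Apache, as well as compromising an entire CDN (TODO)` line survive the re-indent and should be resolved or removed before this leaves drafts. Re-indenting the nested `Managed by` / `Hosted in` / `Domain` lines from two to four spaces is the right fix: Python-Markdown, which mkdocs uses, does not reliably treat two-space indentation as a nested list.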
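Review bot: dropping the blank lines between `### Method 1: Hash` and `### Method 2: PGP signature` leaves two empty headings directly under the sentence claiming that "Making a shell script that leverages this infrastructure isn't actually hard at all"; those two sections are where the security content of the draft has to live. When they are written, the constraint to state first is that the verifier must already be on the client: a `curl ... | sh` bootstrap cannot check its own hash or signature, so either the user downloads to a file, compares `sha256sum` output (or runs `gpg --verify`) against the copy from the signing authority and only then runs it, or the piped script is a minimal bootstrap whose only job is to fetch and verify a second, larger artifact. Without that, the two-server design protects the artifact but not the one script that actually gets executed.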
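Review bot: the new `docs/drafts/.noscript.md` has a typo in both lines of content, `JavaScirpt` in the heading and `didsabled` in the body, and its only sentence stops at `on their browser by default` with no period and no rest of the thought. If this is meant to be committed as a placeholder, at least close the sentence so the draft does not render as cut off; the dot-prefixed filename matches the other drafts, so that part is consistent.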
diff --git a/docs/drafts/.tulpamancy.md b/docs/drafts/.tulpamancy.md index 7620c7e..ff06947 100644 --- a/docs/drafts/.tulpamancy.md +++ b/docs/drafts/.tulpamancy.md @@ -1,5 +1,7 @@ # Tulpamancy +2024-05-08 + Disclaimer: as of sriting this I do not have A month ago I discovered tulpamancy. 
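Review bot: the unchanged disclaimer directly below the inserted date, `Disclaimer: as of sriting this I do not have`, is both misspelled and cut off mid-sentence; since this patch already edits the top of the file, fix that line in the same change rather than committing a date above a broken sentence.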
diff --git a/theme/images/badges/firefoxnow.gif b/theme/images/badges/firefoxnow.gif deleted file mode 100644 index a4cd0bd3a869291f036c383b02b84be4579abb9a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2322 zcmXAodt6d?AIE=+Bq`|uwa&^^u#1=}WX(}Fg-i^y)M`_vd8?+9n~7_dt5A=(L`p^r zjTWou3QICtPwnjSLP%*Rtsd%Wb(WW;v^{3^bh@qc(6i6${rbGVm;b)s*GIG>{u6#q z8VCdg_**OhcmVJL5CV`2fCNBd0Hp$00$38j5z}A^1UP)5B$dz817HL|4+AL->si3) zgaf2}j)DVeg|IPxsanF(OT-GP1d-A73Z5AN6acFe8qEp;6mmKZg8>TD%q(DK0gMGu z7R~wr2;pOOw7Sjc~~m{VrDQV5nigEbY|xwYn~YUaup_%7!_jI zd3jTLQqQ@&eT285H)_n+zP94h9-BQmZbWdSo-`WmMl)$N<3^M;o9$-Qjv@|JO=1cHQ{%Xr zB+E&MmLwIV86{CCRy&H@tr%&=oFYG%ov@>%-A>wZ%qe1VIucN#Zz(J4lBU;{S`kr)1cN1boN>puGp=WdDR#T}KtoCp5#xWyx!xV6pZB z)ZVpgWI^FQo9RgRo{=YaTu%0jlwq^hRGte-*7qo7CAMB(?W9Ka7weNJo}E3;{{g-> z)1R;;d>@sqfwv8g2X#k8zj=7H zTN9P5t=o}jk=JhQ$#7YnJY7J&y_K&$KU2E1Lex^hn%IXYj+vtF$Mhq)4fFNt1y{Wa zjtfHcIUGZ4 z?rwVIUg4zao8nGd)k!)wJ?h1UZ?X#}SMC>0Inoc@%N8|mo%Y$f-inq)q%1Y(YyG)g zvC42x=n;87tRmiL6V!oB&sCecLa(0dN(snPsQdk^{ylLyUKTxFb#x?Xv4)?OFufpv zW3JybyE3Fxv*et5!I!FI7tT_Ba!&{>r{BjRj2a5IFpoY{@^I9LRhj0hT)dm!-2d^( zp!B)(f4-%%l;m;+aZv2=aby8b&ub8UYun;3Dk=Txw0}62-4iZgDs#Ei@?TJXhiX5#UN;hTFF)~hLA!HS1$vC5c` zESQuOJ%RYFicUdXJ%Z%O{LYXzv423i%C>06WmVlA?pt*t+p{XJj*ax*@QxYi?OYw9 zm?+tD(9Z&S_^#xdEWR7zE$uFDAp;8T<%N;UMYj#LJ@F0EB}oepMjvKO>mm zC9r2P*opl8o1gWB-BLgIejlS)7r7$z8?mcL$j=u#cZZ(hJ_jxouFewKNqe63QGl_w zINnv1hq1>xa#zi)5BknMf-=Uu=${#Lw&>xZWFN1Xws)z@;I@P{UU`H863<&v$@HK` zBFw8)7dlt&l3++njJno(vnj%FM3pj!Hl#|JJ9Z^!$J}pMcGa;*N{tD#JD3@-!$!*n zuY`LKt-)Bz>>D$@Rhm;rIr^1-v91C*Ce~dKCULbBioknS!MDpS!KD-ElBX=jk86-S zE4v%2GLLv^hnDMu@|Au6QUveOP(R&in!GH;b;tH)pI^Ki>|27!eNVO@Qmr>p+-U+D z^-lY|4AX8&bQSzQqpXR4tciB5IeeOH4<(GrnaZ@g(L&CJi{&tV-_MdY1b^4tF_q@^>9x0_=aGWWWv zF%M>3pUZQt@I&OxAe{?mvpnYAPi**dUk6ioq$xbM_=|6CRXxS5whWshdu*HAabLmp zWkXJHWA5d2^tM?T{aV49MdMv+{ zu-MO~A-Y(}Xt`u%!&@4c-0Rrb+*i$e-rV%xcY{;MJZod-r7J6bWPBBqlOq^rR3j?6 zTS&fOmRl`lw(iLM8CM45U$xhkjtZweGBmGvUEElpSr~lr!P-P0lV=4&2^@G;8?%(< 
zSy^b&QJUOm9&UG;Qmmt-hESGh51+no=w@dAwLIch$DUm;*wCh>^E}7IX_=Gjp|U?~ z-#q!a&tnV1t8NUd_G(Cbd5z78zEmJe%WcB8ziiV@G3JXB@7`#6dG17#vGDVryVobV H0kGtME<{UO diff --git a/theme/main.html b/theme/main.html index 5197fdc..259c275 100644 --- a/theme/main.html +++ b/theme/main.html @@ -81,10 +81,14 @@ >nixos badge + (credits) -
- This is a motherfucking website. -
- Built by mkdocs and served by tilde.club. +
+ This is a + motherfucking website. +
+ Built by mkdocs and served by + tilde.club.
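Review bot: `theme/images/badges/firefoxnow.gif` is deleted, but the visible lines of the `theme/main.html` hunk only touch the `nixos badge` line, the added `(credits)` text and the footer reflow; nothing in the hunk shows the Firefox badge's image or link being removed, so check the theme for remaining references (`grep -rn firefoxnow theme/`) before merging, or the built site will ship a broken image. The footer rewrite splits `This is a motherfucking website.` and `Built by mkdocs and served by tilde.club.` across several lines; that is harmless inside inline HTML, but the single-line form is easier to diff, so keep it unless the extra lines were needed for the new `(credits)` text.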