This commit is contained in:
Tasia Iso 2024-05-08 17:12:33 +02:00
parent e3f574cf5a
commit bc06eb26c5
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
5 changed files with 34 additions and 22 deletions


@ -1,5 +1,7 @@
# DRAFT: curl | bash
2024-05-08
In April of 2024 I wrote a post on Fediverse explaining that using `curl | bash` was not a security risk. A bit later, I debated on the same subject on a Matrix channel. The other parties involved caused me to do some further research on the subject and led me to review my opinion. As one could imagine, it turns out that the answer actually is, "it depends".
I based my original argument on the fact that you ultimately have to trust the person that provides you the code, which is true, but *incomplete*.
@ -61,6 +63,7 @@ We can see that the script explicitly requires `curl` to use a secure connection
We can mitigate this risk by using a method used by most package managers, which is using 2 different servers with different functions: one that hosts the artifact's cryptographic hash or signature (here called *signing autohrity*), and another one that serves the artifact directly to us (here called *artifact provider*). This way, if either server is compromised, the software that's served to the client will not be verified and therefore not run.
We can reduce the risk of getting both machines compromised at once by:
- Having them be controlled by 2 different entities (companies and/or persons);
- Having them be managed by 2 different systems administrators;
- Using different data centers, network routes, domains and SSL certificates;
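Review bot: typo in the sentence introducing the two-server model: "signing autohrity" should read "signing authority". More substantively, the claim that a compromise of either server means the artifact "will not be verified and therefore not run" holds only if the verification step runs in code the attacker cannot touch. With `curl | bash` the script itself is what the artifact provider serves, so a compromised artifact provider can serve a script whose check is absent or trivially satisfied; the hunk should state that the verifying script, or at least the expected hash or public key, must come from the signing authority rather than the artifact provider. Minor: "SSL certificates" would be better as "TLS certificates".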
@ -89,25 +92,27 @@ There's still other parameters that I won't bother bringing into the picture rig
An example infrastructure would look like this:
- Signing authority
- Managed by John Doe
- Hosted in DigitalOcean (Germany or Switzerland)
- NixOS
- HTTP server: Nginx
- Domain: `determinate.systems`
- Managed by John Doe
- Hosted in DigitalOcean (Germany or Switzerland)
- NixOS
- HTTP server: Nginx
- Domain: `determinate.systems`
- Artifact provider
- Managed by Jane Poe
- Hosted by a worldwide CDN (Hetzner)
- RHEL
- HTTP server: Apache
- Domain: `install-determinate.systems` or `install.determinate.systems`
- Managed by Jane Poe
- Hosted by a worldwide CDN (Hetzner)
- RHEL
- HTTP server: Apache
- Domain: `install-determinate.systems` or `install.determinate.systems`
*This is not an endorsement for RHEL, Hetzner, Apache Web Server or even Determinate Systems; as of writing this, I've never tried them. I do very much endorse the use of NixOS however.*
Now, compromising this part of the supply chain has become extremely hard. The attacker will either:
- Need technical competency (TODO) in NixOS, RHEL, Nginx and Apache, as well as compromising an entire CDN (TODO);
- Compromise both of the sysadmin's machines through social engineering;
...
...
- Use several of the methods listed above.
Now, it would be a lot more feasible to attack another part of the supply chain, which is a subject for another article.
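Review bot: the sub-items under "Signing authority" and "Artifact provider" each appear twice in this hunk (the "Managed by John Doe" through "Domain: `determinate.systems`" block, and the "Managed by Jane Poe" through the `install.determinate.systems` block); if the second copies are the re-indented replacements, confirm that only one set survives in the rendered list. Two factual points in the example infrastructure: Hetzner is a hosting provider, not a worldwide CDN, and DigitalOcean has a Frankfurt region but no Swiss one, so the parenthetical choices should be reworded or replaced. The two "TODO" markers and the two "..." bullets under "The attacker will either" are still unresolved, and "both of the sysadmin's machines" should be "both sysadmins' machines".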
@ -124,8 +129,4 @@ Making a shell script that leverages this infrastructure isn't actually hard at
### Method 1: Hash
### Method 2: PGP signature
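Review bot: this hunk removes four lines and leaves both "Method 1: Hash" and "Method 2: PGP signature" as empty headings, so the context line "Making a shell script that leverages this infrastructure isn't actually hard at" now introduces nothing. Each method should at least say what is fetched from the signing authority (a hash, or a detached signature plus the public key) and that the comparison happens before anything is executed; for the hash method, the point that gives the two-server split its value is downloading the artifact to disk, checking it with `sha256sum -c` against the hash obtained from the other server, and only then running it.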

docs/drafts/.noscript.md Normal file

@ -0,0 +1,5 @@
# Disabling JavaScirpt
2024-05-08
A bit ago I found this article where a person didsabled JavaScript on their browser by default
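Review bot: two typos in the new file: "JavaScirpt" in the heading should be "JavaScript", and "didsabled" should be "disabled". The opening sentence also ends without a period and does not link the article it refers to.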


@ -1,5 +1,7 @@
# Tulpamancy
2024-05-08
Disclaimer: as of sriting this I do not have
A month ago I discovered tulpamancy.
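Review bot: "sriting" in the disclaimer line should be "writing", and the disclaimer sentence stops at "I do not have" without completing the thought.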

Binary file not shown.



@ -81,10 +81,14 @@
><img src="images/badges/nixos.png" alt="nixos badge"
/></a>
<a href="images/badges/credits.txt">(credits)</a>
<hr>
This is a <a href="https://https://motherfuckingwebsite.com">motherfucking website</a>.
<br>
Built by <a href="https://www.mkdocs.org">mkdocs</a> and served by <a href="https://tilde.club">tilde.club</a>.
<hr />
This is a
<a href="https://https://motherfuckingwebsite.com">motherfucking website</a
>.
<br />
Built by <a href="https://www.mkdocs.org">mkdocs</a> and served by
<a href="https://tilde.club">tilde.club</a>.
</body>
</html>
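Review bot: the link on the "This is a" line points at `https://https://motherfuckingwebsite.com`, a doubled scheme that will not resolve; it is present in both the removed and the added version of the line, so the reformat carried the bug over. It should be `https://motherfuckingwebsite.com`. The change from `<hr>` / `<br>` to `<hr />` / `<br />` is fine either way in HTML5.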