From owner-freebsd-bugs Mon Dec 30 0:40: 5 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Message-Id: <20021230083108.10076.qmail@mired.org>
Date: 30 Dec 2002 08:31:08 -0000
From: Mike Meyer
Reply-To: Mike Meyer
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/46629: md5 checking is a PITA.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 46629
>Category: bin
>Synopsis: md5 checking is a PITA.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 30 00:40:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Mike Meyer
>Release: FreeBSD 4.7-STABLE i386
>Organization: Meyer Consulting
>Environment:
System: FreeBSD guru.mired.org 4.7-STABLE FreeBSD 4.7-STABLE #17: Wed Oct 30 09:13:02 CST 2002 mwm@guru.mired.org:/sharetmp/obj/usr/src/sys/GURU i386

>Description:
Checking md5 checksums is an error-prone process.

>How-To-Repeat:
Download something that includes the output of md5 as a CHECKSUMS file. Notice that to confirm the checksum requires verifying the rather long and unpatterned checksum string by eye.

>Fix:
md5 should have a "-c file" option, which expects the output of md5 to be in file, and confirms that the files listed in "file" exist and match the associated checksums.

Yes, this requires trusting the md5 binary. On the other hand, very few things one is interested in downloading don't require trusting some system utility, like the c compiler. So this is at worst a marginal change in the security given by the md5 checksums to start with.

Yes, this is trivial to script. It shouldn't be required of every user.

Finally, FWIW, I have an Eiffel version of md5 that implements the -c option, but is missing the standard options of md5. It's available on request.

>Release-Note:
>Audit-Trail:
>Unformatted:
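The "-c file" behaviour requested in the report above, as an added example (not code from the PR, from its submitter, or from FreeBSD's md5): it parses the `MD5 (path) = digest` lines that BSD md5 prints and reports each listed file as matching, altered, absent, or unparseable. The function names, status strings and sample file names are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One line of BSD md5(1) output: MD5 (path) = <32 hex digits>
LINE_RE = re.compile(r"^MD5 \((?P<path>.+)\) = (?P<digest>[0-9a-fA-F]{32})$")

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):  # stream large files
            h.update(block)
    return h.hexdigest()

def check(checksum_file):
    """Verify each entry; paths resolve relative to the checksum file's directory."""
    base = Path(checksum_file).resolve().parent
    results = []
    for line in Path(checksum_file).read_text(encoding="utf-8").splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            results.append((line, "MALFORMED"))
        elif not (base / m["path"]).is_file():
            results.append((m["path"], "MISSING"))
        elif md5_of(base / m["path"]) == m["digest"].lower():
            results.append((m["path"], "OK"))
        else:
            results.append((m["path"], "FAILED"))
    return results

def demo():
    """Constructed sample: list three files, then tamper with one and delete one."""
    with tempfile.TemporaryDirectory() as d:
        names = ["good.tar", "tampered (1).tar", "gone.tar"]
        for n in names:
            Path(d, n).write_bytes(n.encode())
        lines = [f"MD5 ({n}) = {md5_of(Path(d, n))}" for n in names]
        sums = Path(d, "CHECKSUMS")
        sums.write_text("\n".join(lines + ["not an md5 line"]) + "\n", encoding="utf-8")
        with open(Path(d, names[1]), "ab") as f:
            f.write(b"extra bytes")
        Path(d, names[2]).unlink()
        return check(sums)

if __name__ == "__main__":
    for name, status in demo():
        print(f"{name}: {status}")
```

A caller would treat any status other than OK as a verification failure, so a malformed or truncated checksum file cannot pass silently.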