From mwm@mired.org  Mon Dec 30 00:31:10 2002
Return-Path: <mwm@mired.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 66E1337B401
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 30 Dec 2002 00:31:10 -0800 (PST)
Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133])
	by mx1.FreeBSD.org (Postfix) with SMTP id B7AFE43EB2
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 30 Dec 2002 00:31:09 -0800 (PST)
	(envelope-from mwm@mired.org)
Received: (qmail 10077 invoked by uid 100); 30 Dec 2002 08:31:08 -0000
Message-Id: <20021230083108.10076.qmail@mired.org>
Date: 30 Dec 2002 08:31:08 -0000
From: Mike Meyer <mwm@mired.org>
Reply-To: Mike Meyer <mwm@mired.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: md5 checking is a PITA.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         46629
>Category:       bin
>Synopsis:       md5 checking is a PITA.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 30 00:40:02 PST 2002
>Closed-Date:    Thu Jan 23 02:54:42 PST 2003
>Last-Modified:  Thu Jan 23 02:54:42 PST 2003
>Originator:     Mike Meyer
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
Meyer Consulting
>Environment:
System: FreeBSD guru.mired.org 4.7-STABLE FreeBSD 4.7-STABLE #17: Wed Oct 30 09:13:02 CST 2002 mwm@guru.mired.org:/sharetmp/obj/usr/src/sys/GURU i386


>Description:
	Checking md5 checksums is an error-prone process.
>How-To-Repeat:
	Download something that includes the output of md5 as a CHECKSUMS
	file. Notice that to confirm the checksum requires verifying the
	rather long and unpatterned checksum string by eye.
>Fix:

md5 should have a "-c file" option, which expects the output of md5 to
be in file, and confirms that the files listed in "file" exist and match
the associated checksums.

Yes, this requires trusting the md5 binary. On the other hand, very few
things one is interested in downloading don't require trusting some
system utility, like the C compiler. So this is at worst a marginal change
in the security given by the md5 checksums to start yes.

Yes, this is trivial to script. It shouldn't be required of every user.

Finally, FWIW, I have an Eiffel version of md5 that implements the
-c option, but is missing the standard options of md5. It's available
on request.



>Release-Note:
>Audit-Trail:

From: "Sergey N. Voronkov" <serg@tmn.ru>
To: Mike Meyer <mwm@mired.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/46629: md5 checking is a PITA.
Date: Tue, 31 Dec 2002 09:29:16 +0500

 On Mon, Dec 30, 2002 at 08:31:08AM -0000, Mike Meyer wrote:
 > >Description:
 > 	Checking md5 checksums is an error-prone process.
 > >How-To-Repeat:
 > 	Download something that includes the output of md5 as a CHECKSUMS
 > 	file. Notice that to confirm the checksum requires verifying the
 > 	rather long and unpatterned checksum string by eye.
 > >Fix:
 > 
 > md5 should have a "-c file" option, which expects the output of md5 to
 > be in file, and confirms that the files listed in "file" exist and match
 > the associated checksums.
 > 
 > Yes, this requires trusting the md5 binary. On the other hand, very few
 > things one is interested in downloading don't require trusting some
 > system utility, like the c compiler. So this is at worst a marginal change
 > in the security given by the md5 checksums to start yes.
 > 
 > Yes, this is trivial to script. It shouldn't be required of every user.
 > 
 > Finally, FWIW, I have an Eiffel version of md5 that implements the
 > -c option, but is missing the standard options of md5. It's available
 > on request.
 > 
 
 #cd /var/ftp/pub/FreeBSD/releases/i386/4.7-RELEASE-p2/bin/
 #md5 [a-z]* | diff - CHECKSUM.MD5
 
 Looks like verifying is simple with current version. :-))
 
 Serg N. Voronkov,
 Sibitex JSC.

From: Mike Meyer <mwm-dated-1042007519.1c4605@mired.org>
To: "Sergey N. Voronkov" <serg@tmn.ru>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/46629: md5 checking is a PITA.
Date: Fri, 3 Jan 2003 00:31:57 -0600

 In <20021231042916.GA4654@sv.tech.sibitex.tmn.ru>, Sergey N. Voronkov <serg@tmn.ru> typed:
 > On Mon, Dec 30, 2002 at 08:31:08AM -0000, Mike Meyer wrote:
 > > >Description:
 > > 	Checking md5 checksums is an error-prone process.
 > > >How-To-Repeat:
 > > 	Download something that includes the output of md5 as a CHECKSUMS
 > > 	file. Notice that to confirm the checksum requires verifying the
 > > 	rather long and unpatterned checksum string by eye.
 > > >Fix:
 > > 
 > > md5 should have a "-c file" option, which expects the output of md5 to
 > > be in file, and confirms that the files listed in "file" exist and match
 > > the associated checksums.
 > > 
 > > Yes, this requires trusting the md5 binary. On the other hand, very few
 > > things one is interested in downloading don't require trusting some
 > > system utility, like the c compiler. So this is at worst a marginal change
 > > in the security given by the md5 checksums to start yes.
 > > 
 > > Yes, this is trivial to script. It shouldn't be required of every user.
 > > 
 > > Finally, FWIW, I have an Eiffel version of md5 that implements the
 > > -c option, but is missing the standard options of md5. It's available
 > > on request.
 > > 
 > 
 > #cd /var/ftp/pub/FreeBSD/releases/i386/4.7-RELEASE-p2/bin/
 > #md5 [a-z]* | diff - CHECKSUM.MD5
 > 
 > Looks like verifying is simple with current version. :-))
 
 No, one special case is very simple. Your example quits working as
 soon as any of the tarballs start with an upper case letter, or if the
 md5 sum file doesn't have the files in ASCII sort order, or if some of
 the files listed are in subdirectories - all of which md5 will gladly
 do if invoked. For instance, I did:
 
 	/sbin/md5 xc/* LimeWireLinux.tgz > CHECKSUM.MD5
 
 and generated a CHECKSUM.MD5 file that does all three of those
 things.
 
 Having to recreate the arguments handed to md5 to get correct results
 is silly when MD5 already has all the information it needs to check
 the files listed in the MD5 file.
 
 	<mike
 -- 
 Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
 Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
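
Added example, not part of the original PR and not FreeBSD's md5 code: a Python sketch of the check the proposed "-c file" option would perform, reading BSD-style "MD5 (name) = hash" lines so that the result does not depend on file order, letter case or subdirectories. The names check, md5_of and demo and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# BSD md5(1) output line: "MD5 (path) = <32 hex digits>"
LINE_RE = re.compile(r"^MD5 \((.*)\) = ([0-9a-fA-F]{32})$")

def md5_of(path):
    """Hash in chunks so large tarballs are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check(checksum_file):
    """Return [(name, status)]: OK, FAILED, MISSING or MALFORMED per line."""
    base = os.path.dirname(os.path.abspath(checksum_file))
    results = []
    with open(checksum_file) as f:
        for line in filter(str.strip, f.read().splitlines()):
            m = LINE_RE.match(line)
            if m is None:
                results.append((line, "MALFORMED"))
                continue
            name, want = m.group(1), m.group(2).lower()
            path = os.path.join(base, name)  # relative to the checksum file
            if not os.path.isfile(path):
                status = "MISSING"
            else:
                status = "OK" if md5_of(path) == want else "FAILED"
            results.append((name, status))
    return results

def demo():
    """Constructed sample: subdirectory, mixed case, unsorted, xc/a.tgz altered."""
    files = {"xc/b.tgz": b"bbb", "LimeWireLinux.tgz": b"lime", "xc/a.tgz": b"aaa"}
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "xc"))
        lines = ["MD5 (gone.tgz) = " + "0" * 32, "not an md5 line"]
        for name, data in files.items():
            lines.append("MD5 (%s) = %s" % (name, hashlib.md5(data).hexdigest()))
            with open(os.path.join(d, name), "wb") as f:
                f.write(data + b"!" if name == "xc/a.tgz" else data)
        sumfile = os.path.join(d, "CHECKSUM.MD5")
        with open(sumfile, "w") as f:
            f.write("\n".join(lines) + "\n")
        return check(sumfile)
```

Calling demo() returns one status per line of the constructed CHECKSUM.MD5; a caller would treat any status other than OK as a verification failure.
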
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Thu Jan 23 02:53:57 PST 2003 
State-Changed-Why:  

Your idea is not entirely without merit, however it's incredibly 
unlikely that any work will be done on it unless patches are 
submitted. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46629 
>Unformatted:
