Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Auto update: Is this secure?

Tags:

c#

.net

security

vb.net

auto-update

Dot Net Auto Update

I felt like .net was lacking a simple secure automatic update library so I've implemented something and put it up here. Before anyone considers using the library I was keen for the update process to get a bit a peer review.

Here are the steps:

  • The client software is populated with a public key and URI to poll.
  • Client polls a URI for a manifest file.
  • Manifest is downloaded and signature (in a separate ".signature") is used to check that the manifest is valid.
  • A list of pending updates is parsed out of the manifest (to show to the user).
  • The installer file is downloaded and again is verified with a corresponding ".signature" file. (the downloaded file will be protected with ACLs)
  • The installer is run.

Mitigated threats:

  • The manifest signature should prevent any malicious downloads ("carpet bombing")
  • The installer signature should prevent any MITM attacks from sending malicious installers
  • Protecting the downloaded installer with ACLs should prevent any local escalation attacks.

Unmitigated threats:

  • A MITM attack where the attacker always reports "no updates available". (Could keep a client at a vulnerable version)

References:

  • Secure Software Updates: Disappointments and New Challenges
  • Black Ops 2008: It’s The End Of The Cache As We Know It
  • Evilgrade Will Destroy Us All

What have I missed?


like image 482
Luke Quinane Avatar asked Sep 14 '09 05:09

Luke Quinane

People also ask

What is windows auto update and how does it work?

The major aim of this program is to keep your device (computer system) secured and up to date. Additionally, Windows auto update allows you to receive security updates and the latest fixes so that your computer system can stay protected and run efficiently.

Is it possible to disable automatic updates for client security?

Note: This setting is only applicable for Client Security and does not apply for Server Security. It is not possible to disable automatic updates from the Client Security local user interface. Rename Guts2 plugin dll file (fs_ccf_guts2_plugin_32.dll)

Is it possible to implement a secure automatic PHP update?

We've previously implemented secure automatic updates in two different products (one of them is Free Software). Refer to the implementation in CMS Airship if you need a starting point. If your users won't have the Sodium extension available, look into sodium_compat. This probably won't be a problem once everyone is running PHP 7.2 and newer.

How are automatic software updates sent to my internet-connected devices?

Rather than expecting you to stay on top of all of the updates available for applications and operating systems, our automatic software updates are sent to your internet-connected devices through cloud-based monitoring and management systems.

Video Answer

1 Answers

Dan Kaminsky has a good set of guidelines for an updater:

To succeed, your update package must be:

  • Signed.
  • Signed by you.
  • Signed by you, using the right EKU (Extended Key Usage)
  • Signed from an unrevoked signature
  • Be the same product
  • Be a new version

From your description in this question, it appears that you have the first 3.

like image 119
Jesse Weigert Avatar answered Nov 11 '22 15:11

Jesse Weigert
Sign in to Comment

Related questions

Why Visual Studio 2015 freezes crashes hangs on Designer view?
How is the CLR faster than me when calling Windows API
How to convert C# Resource File Strings into methods and not just properties?
Paging the huge data that is returned by the Web API
How do I use the SqlResource method in EF Migrations?
Is it safe to use a static `Serilog.ILogger`
How to Get Selected Value from Dropdown List C# ASP.NET
Use Project Reference in Debug and Nuget in Release
Validation in Domain Driven Design
c# asp.net core Bearer error="invalid_token"
Xamarin.Android C# layout_weight error: Must specify a unit, such as "px" (Intellisense?)
await Task.CompletedTask vs return
Using HttpClient.GetFromJsonAsync(), how to handle HttpRequestException based on HttpStatusCode without extra SendAsync calls?
Cannot find .NET 5.0 Console App project template in Visual Studio 2019
How to force a MSTEST TestMethod to reset all singletons/statics before running?
How do I add attributes to a method at runtime?
Linq Query with SUM and ORDER BY
Is there a standard C# lib, like Apache commons for java?
What is REST? [duplicate]
C#: splitting a class into multiple files (with a form)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!