cksum: `--check` is vulnerable, doesn't actually check
BenWiederhake opened this issue
Ben Wiederhake commented
Since #6256, we accept `-c`, and callers think that we actually verify the checksum of some files. However, we always exit with 0, yielding obvious false-positives like this:
```
$ cargo run -q cksum -a md5 /dev/null # Setup
MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
$ cat <<EOF >foo.sums # More setup
> MD5 (/dev/null) = d400000000000000000000000000007e
> EOF
$ cksum -a md5 -c foo.sums # Should reject
/dev/null: FAILED
cksum: WARNING: 1 computed checksum did NOT match
[$? = 1]
$ cargo run -q cksum -a md5 -c foo.sums # But we accept?!
MD5 (foo.sums) = 396bec11fe90bdaf047158984c99546c
$
```
This is a bad situation. Let's either actually support `-c` or not support it, but "accepting the argument and ignoring it" is a security disaster waiting to happen. This is already planned to be fixed, and perhaps even partially finished. This issue exists because I'm paranoid that we might still somehow forget to do it :D
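A canary check for the failure described in this issue, as an added example that is not part of the original post or the project's code: before a script relies on a checksum tool's exit status, confirm that its check mode accepts a correct sum and rejects a wrong one. The function name `check_mode_works`, its return codes and the scratch file names are assumptions made for this example; the two digests are the ones shown in the issue.

```shell
# check_mode_works CMD [ARGS...]
#   Runs "CMD ARGS... <sumfile>" twice in a scratch directory.
#   Returns: 0  check mode accepts a good sum and rejects a bad one
#            1  check mode exits 0 on a bad sum (the behaviour in this issue)
#            2  check mode rejects a good sum (tool missing or mode unsupported)
#            3  scratch directory could not be created
# Example call, using the flags from the issue:
#   check_mode_works cksum -a md5 -c || echo "do not trust this cksum -c" >&2
check_mode_works() {
    dir=$(mktemp -d) || return 3
    : > "$dir/empty"    # empty input, standing in for /dev/null
    # Correct MD5 of empty input, as printed in the issue for /dev/null.
    printf 'MD5 (empty) = d41d8cd98f00b204e9800998ecf8427e\n' > "$dir/good.sums"
    # Deliberately wrong digest, the same one the issue uses.
    printf 'MD5 (empty) = d400000000000000000000000000007e\n' > "$dir/bad.sums"

    rc=0
    if ! (cd "$dir" && "$@" good.sums) >/dev/null 2>&1; then
        rc=2    # a failure here must not be mistaken for a correct rejection
    elif (cd "$dir" && "$@" bad.sums) >/dev/null 2>&1; then
        rc=1    # exit status 0 on a mismatching checksum
    fi
    rm -rf "$dir"
    return "$rc"
}
```

Checking the good case first matters: a command that fails for any reason would otherwise look like one that correctly rejects the bad checksum.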