Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Script Safety with Checksum/Signature Verification? #127

Open
mej opened this issue Feb 27, 2023 · 0 comments
Open

Improve Script Safety with Checksum/Signature Verification? #127

mej opened this issue Feb 27, 2023 · 0 comments
Assignees
@mej
Labels
enhancement maybe? Issues/PRs for features/changes I'm not sure about; feedback and voting is greatly appreciated! security Issues/RFEs that are (or may be) security-significant

Comments

@mej
Copy link
Owner

mej commented Feb 27, 2023

Should we add new (optional) functionality that would facilitate NHC doing load-time checking of cryptographic signatures and/or checksums on script and/or config files? or is this a dumb idea?

I'm not sure if this one is worthwhile or makes sense (as the new "maybe?" label indicates), so your feedback is most welcome! And to be clear: I realize that using root-writable checksums to compare against root-writable script files is not a security feature! But if done properly, cryptographic signatures can be.

I would imagine this taking the form of either a file of filename:checksum pairs or a directory of files containing the normal output of the standard checksum commands (such as sha256sum); there are lots of ways to do it, so if you have a better idea, please let me know! 😁

So what do you think? Good idea, bad idea, or don't care either way?
@mej mej added enhancement security Issues/RFEs that are (or may be) security-significant maybe? Issues/PRs for features/changes I'm not sure about; feedback and voting is greatly appreciated! labels Feb 27, 2023
@mej mej self-assigned this Feb 27, 2023
@mej mej changed the title Improve Script Safety Improve Script Safety with Checksum/Signature Verification? Jul 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mej mej

Labels
enhancement maybe? Issues/PRs for features/changes I'm not sure about; feedback and voting is greatly appreciated! security Issues/RFEs that are (or may be) security-significant
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mej