Commit 632eb973 authored by Allan McRae's avatar Allan McRae
Browse files

Do not use WKD to import keys for package installs from a file



In order to use WKD in pacman -U/--upgrade operations, we need to
get the packager information from the .PKGINFO within the package.
That has obvious security implications. e.g. something like this
could convince a user to download a different key to what they
expect:

packager = foo bar <>^[[2K^[[0G:: Import PGP key DEADBEEF, "foo <bar>

While downloading an untrusted key has little impact due to the
web-of-trust model used by pacman, this could be bad in combination
with an exploit that allowed trust of keys in the keyring to be
altered.

To be safe, do not use WKD when installing using -U.

Fixes FS#73703.
Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
parent 6b37d994
Pipeline #16348 passed with stage
in 1 minute and 57 seconds
......@@ -721,7 +721,6 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
int validation = 0;
char *sigpath;
alpm_pkg_t *pkg_temp;
char *packager;
CHECK_HANDLE(handle, return -1);
ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
......@@ -747,13 +746,7 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
char *key = k->data;
if(_alpm_key_in_keychain(handle, key) == 0) {
pkg_temp = _alpm_pkg_load_internal(handle, filename, full);
if(pkg_temp) {
packager = pkg_temp->packager;
} else {
packager = NULL;
}
if(_alpm_key_import(handle, packager, key) == -1) {
if(_alpm_key_import(handle, NULL, key) == -1) {
fail = 1;
}
_alpm_pkg_free(pkg_temp);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment