Issue metadata
Sign in to add a comment
|
ImageLoader allows component rollbacks |
||||||||||||||||||||||
Issue descriptionImageLoader service does not check the reported component version against the actual version in the signed manifest. This means that an attacker can register an old version of a component with ImageLoader and claim that its version 9999 (or any version), and ImageLoader will install and use the old component. This is a security vulnerability due to the nature of rollback attacks.
,
Jan 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/imageloader/+/11ce3548af878bc6f53be7f85d497550bca52961 commit 11ce3548af878bc6f53be7f85d497550bca52961 Author: Greg Kerr <kerrnel@chromium.org> Date: Sat Jan 07 01:12:32 2017 Checked reported component version against the signed manifest. This checks the reported version of the component against the version in the signed manifest. This is important because otherwise an attacker can rollback a component by lying about the version. BUG=chromium:667826 TEST=FEATURES=test emerge-${BOARD} imageloader Change-Id: Ic84be0cd1f5f934c1abdd2f04b99688cc26d8673 Reviewed-on: https://chromium-review.googlesource.com/425707 Reviewed-by: Eric Caruso <ejcaruso@chromium.org> Tested-by: Greg Kerr <kerrnel@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> [modify] https://crrev.com/11ce3548af878bc6f53be7f85d497550bca52961/imageloader_impl.cc [modify] https://crrev.com/11ce3548af878bc6f53be7f85d497550bca52961/imageloader_unittest.cc
,
Jan 13 2017
,
Jan 13 2017
Component updates aren't enabled for Chrome OS in M56, so this affects Head only.
,
Jan 13 2017
,
Jan 13 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 16 2017
,
Jan 16 2017
,
Jan 28 2017
,
Apr 24 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 1 2017
,
Jan 22 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by kerrnel@chromium.org
, Jan 7 2017