Backport reply key mtime/ctime update #6277

Merged
merged 1 commit into from
Feb 16, 2022

zenmonkeykstop
Contributor

Status

Ready for review

Description of Changes

Backports #6270.

Testing

We set the GPG key creation time to 2013-05-14 to hide when they
were created, revealing when a source started using SecureDrop. However
this information was being leaked via the file modification time of the
private key material in the $keydir/private-keys-v1.d/ folder.

While we can easily change a file's mtime to a past date, faking the
ctime really isn't possible. So instead we touch each private key when
the source app starts to mask the real creation time. Because of the
nightly restarts, this will be updated within 24 hours of source
creation.

Fixes freedomofpress/securedrop-security#71.

(cherry picked from commit bff89a3)
@zenmonkeykstop zenmonkeykstop requested a review from a team as a code owner February 16, 2022 17:41
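
The behaviour the commit message above relies on, as an added example that is not SecureDrop's code: backdating a key file's mtime leaves its ctime at the real time, while touching the file moves both to now. The function names, the temporary key directory and the key file name are constructed for illustration; the `.key` suffix follows GnuPG's naming in private-keys-v1.d.

```python
import os
import tempfile
import time
from datetime import datetime, timezone
from pathlib import Path

# The backdated key creation date named in the commit message, as a Unix timestamp.
BACKDATE = datetime(2013, 5, 14, tzinfo=timezone.utc).timestamp()


def backdate_mtime(path: Path) -> os.stat_result:
    """Set atime/mtime to the past; on Unix the kernel still stamps ctime with 'now'."""
    os.utime(path, (BACKDATE, BACKDATE))
    return path.stat()


def touch_private_keys(keydir: Path) -> int:
    """Reset mtime (and, as a side effect, ctime) of each private key file to now."""
    private = keydir / "private-keys-v1.d"
    if not private.is_dir():  # e.g. no source has been created yet
        return 0
    touched = 0
    for entry in private.iterdir():
        if entry.is_file() and entry.suffix == ".key":
            try:
                os.utime(entry, None)  # None means "current time"
                touched += 1
            except OSError:
                continue  # file removed or unreadable in the meantime; skip it
    return touched


def demo() -> dict:
    """Run both approaches on a constructed key file in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        keydir = Path(tmp)
        private = keydir / "private-keys-v1.d"
        private.mkdir()
        key = private / "CONSTRUCTED0000.key"  # constructed sample, not key material
        key.write_bytes(b"placeholder")
        created = time.time()
        st = backdate_mtime(key)
        result = {"backdated_mtime": st.st_mtime,
                  "ctime_still_recent": abs(st.st_ctime - created) < 5}
        result["touched"] = touch_private_keys(keydir)
        st = key.stat()
        result["mtime_recent_after_touch"] = abs(st.st_mtime - time.time()) < 5
        return result
```
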
Contributor

@conorsch conorsch left a comment

👍, just waiting on CI to merge

@codecov-commenter
codecov-commenter commented Feb 16, 2022

Codecov Report

Merging #6277 (348515f) into release/2.2.0 (eed98b7) will decrease coverage by 0.01%.
The diff coverage is 77.77%.

@@                Coverage Diff                @@
##           release/2.2.0    #6277      +/-   ##
=================================================
- Coverage          84.09%   84.07%   -0.02%     
=================================================
  Files                 60       60              
  Lines               4199     4208       +9     
  Branches             506      508       +2     
=================================================
+ Hits                3531     3538       +7     
- Misses               548      549       +1     
- Partials             120      121       +1     
Impacted Files Coverage Δ
securedrop/source_app/__init__.py 90.32% <77.77%> (-1.35%) ⬇️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@zenmonkeykstop zenmonkeykstop merged commit 41a06b9 into release/2.2.0 Feb 16, 2022