software that knows how to update itself

Heiko Wundram heikowu at ceosg.de
Thu Sep 16 07:13:08 EDT 2004


On Wednesday, 15 September 2004 14:46, Brad Tilley wrote:
> def update_urself():
>        receive updated socket server code & write it to a file
>        verify file with crc or md5sum check on both ends

This step is very dangerous, as only checking a hash on the client and server 
side can really lead to problems when you have a malicious client giving out 
the new file.

What you should do:

--- Generate private/public key pair for the client which will update the 
server.
--- Export the public key, and hand it out with each distributed server.
--- Now, when sending a new sock_serv.py, the server can check the digital 
signature which is also sent by the client (which it can create, because it 
has the private key, and which the server can check because it has the public 
key as distributed in step 2).
--- Only if this signature check is okay (better use some form of SHA for 
creating the signature) will the client accept the new file.

>        if verify is OK:
>           close all connections
>           replace sock_serv.py with sock_serv_update.py
>
> if conn.recv == 'UPDATE'
>     update_urself()

For the rest, it looks okay.

If you need to implement something like this, I'd like to point you to Sophie 
(a crypto library I've written, which directly works on top of libgmp, the 
GNU multi-precision integer library).

http://www.heim-d.de/~heikowu/Crypto

HTH!

Heiko.
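
The signed-update check described in the steps above, as an added example that is not part of the original post and does not use Sophie: the updater signs the new sock_serv.py with its private key, and the server verifies with the public key before replacing the file. The key is a constructed, insecure demo key (two Mersenne primes) so the block runs on the standard library alone, and the function names and RSA PKCS#1 v1.5 with SHA-256 are assumptions made for this example.

```python
import hashlib, hmac, os, tempfile

# Constructed demo key from two Mersenne primes: trivially factorable, NOT for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus, shipped with every server
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays with the updater
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(data: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(data: bytes) -> bytes:
    """Updater side: needs the private exponent D."""
    return pow(int.from_bytes(_encode(data), "big"), D, N).to_bytes(K, "big")

def verify(data: bytes, sig: bytes) -> bool:
    """Server side: needs only the public key (N, E)."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    # Re-encode and compare whole blocks instead of parsing the padding.
    return hmac.compare_digest(em, _encode(data))

def apply_update(target: str, new_code: bytes, sig: bytes) -> bool:
    """Replace target only if sig verifies; otherwise leave it untouched."""
    if not verify(new_code, sig):
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(target)))
    with os.fdopen(fd, "wb") as f:
        f.write(new_code)
    os.replace(tmp, target)          # atomic swap on the same filesystem
    return True
```

A sender who supplies both a file and its matching hash passes a CRC or md5sum comparison, but cannot produce a signature that `verify` accepts without the private exponent.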


