software that knows how to update itself
Heiko Wundram
heikowu at ceosg.de
Thu Sep 16 07:13:08 EDT 2004
On Wednesday, 15 September 2004 14:46, Brad Tilley wrote:
> def update_urself():
>     receive updated socket server code & write it to a file
>     verify file with crc or md5sum check on both ends
This step is very dangerous, as only checking a hash on the client and server
side can really lead to problems when you have a malicious client giving out
the new file.
What you should do:
--- Generate private/public key pair for the client which will update the
server.
--- Export the public key, and hand it out with each distributed server.
--- Now, when sending a new sock_serv.py, the server can check the digital
signature which is also sent by the client (which it can create, because it
has the private key, and which the server can check because it has the public
key as distributed in step 2).
--- Only if this signature check is okay (better use some form of SHA for
creating the signature) will the client accept the new file.
>     if verify is OK:
>         close all connections
>         replace sock_serv.py with sock_serv_update.py
>
> if conn.recv == 'UPDATE'
>     update_urself()
For the rest, it looks okay.
If you need to implement something like this, I'd like to point you to Sophie
(a crypto library I've written, which directly works on top of libgmp, the
GNU multi-precision integer library).
http://www.heim-d.de/~heikowu/Crypto
HTH!
Heiko.
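
The difference between the hash check and the signature check discussed in this message, as an added example that is not part of the original post and does not use Sophie. It assumes a hard-coded, deliberately weak demo RSA key and constructed payloads; all function and variable names are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes: trivially factorable,
# for illustration only. Real keys come from a vetted crypto library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, shipped with every server
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, stays with the updater
K = (N.bit_length() + 7) // 8          # modulus length in bytes
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed sample payloads.
GENUINE = b"# sock_serv.py, new release (constructed sample)\n"
TAMPERED = b"# sock_serv.py from an untrusted sender (constructed sample)\n"

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def _encode(payload: bytes) -> int:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256."""
    t = SHA256_INFO + hashlib.sha256(payload).digest()
    block = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(block, "big")

def sign(payload: bytes) -> bytes:
    """Updater side: requires the private exponent D."""
    return pow(_encode(payload), D, N).to_bytes(K, "big")

def hash_only_ok(payload: bytes, claimed: str) -> bool:
    """Hash check from the quoted pseudocode (SHA-256 instead of crc/md5 to
    show hash strength is not the issue): the sender supplies both values."""
    return hmac.compare_digest(digest(payload), claimed)

def signature_ok(payload: bytes, signature: bytes) -> bool:
    """Server side: requires only the public key (N, E)."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    # Re-encode and compare the full padded block rather than parsing it.
    return s < N and pow(s, E, N) == _encode(payload)

if __name__ == "__main__":
    sig = sign(GENUINE)
    print("hash-only accepts tampered file:", hash_only_ok(TAMPERED, digest(TAMPERED)))
    print("signature accepts genuine file: ", signature_ok(GENUINE, sig))
    print("signature accepts tampered file:", signature_ok(TAMPERED, sig))
```

The server would call `signature_ok` before closing connections and replacing `sock_serv.py`, and keep the old file if it returns `False`.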