You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

44 lines
1.0 KiB

  1. #!/bin/sh
  2. set -e
  3. # This is not covered by the CVE and harmless by itself, but used in
  4. # the exploit and while harmless it is also pointless to allow it
  5. TESTDIR="$(readlink -f "$(dirname "$0")")"
  6. . "$TESTDIR/framework"
  7. setupenvironment
  8. configarchitecture 'amd64'
  9. export APT_DONT_SIGN='InRelease'
  10. insertpackage 'unstable' 'foo' 'all' '1'
  11. setupaptarchive
  12. rm -rf rootdir/var/lib/apt/lists
  13. verify() {
  14. testfailure apt update
  15. testsuccess grep '^ Detached signature file' rootdir/tmp/testfailure.output
  16. testfailure apt show foo
  17. }
  18. msgmsg 'Payload after detached signature'
  19. find aptarchive -name 'Release.gpg' | while read FILE; do
  20. cp -a "$FILE" "${FILE}.bak"
  21. echo "evil payload" >> "$FILE"
  22. done
  23. verify
  24. msgmsg 'Payload in-between detached signatures'
  25. find aptarchive -name 'Release.gpg' | while read FILE; do
  26. cat "${FILE}.bak" >> "$FILE"
  27. done
  28. verify
  29. msgmsg 'Payload before detached signature'
  30. find aptarchive -name 'Release.gpg' | while read FILE; do
  31. echo "evil payload" > "$FILE"
  32. cat "${FILE}.bak" >> "$FILE"
  33. done
  34. verify