• A while ago, someone observed, on slashdot.org, “If wordpress.org is hacked, again [wordpress.org], their one-click upgrade feature means instant ownage for all WordPress blogs everywhere.”. Someone responded to that by saying this:

    Haven’t they ever heard of signed patches?

    Why can’t they make the one-click upgrade verify a GPG signature before performing the installation of the code contained in the upgrade file?

    My question is… why doesn’t WordPress do this? Here’s a class WordPress could use to do this:

    http://phpseclib.cvs.sourceforge.net/viewvc/*checkout*/phpseclib/phpseclib/Crypt/RSA.php

    The WordPress devs sign with their private (encrypted) key – a key that could only be obtained through having their own personal computer hacked – and WordPress then verifies that the release was signed with the private key with Crypt_RSA. To make it even harder for an attacker to get the private key, secret sharing could be employed.

  • The topic ‘signed one-click upgrades?’ is closed to new replies.
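
The verify-before-install flow proposed in the post above, as an added example that is not part of the original post and not WordPress code. It uses PHP's bundled OpenSSL extension instead of the Crypt_RSA class the post links to; the function names are hypothetical, and a throwaway key pair generated inline stands in for the release signing key.

```php
<?php
// Added example: check a detached RSA/SHA-256 signature over an upgrade
// package before anything is unpacked. Function names are hypothetical.

// True only if $signature is valid for $package under the pinned public key.
// Every failure path (bad key, bad signature, OpenSSL error) returns false.
function upgrade_signature_ok(string $package, string $signature, string $pinnedPublicKeyPem): bool
{
    $key = openssl_pkey_get_public($pinnedPublicKeyPem);
    if ($key === false) {
        return false; // unusable pinned key: refuse rather than skip the check
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
    // Compare strictly with 1: -1 is truthy in PHP, so "if (openssl_verify(...))" is a bug.
    return openssl_verify($package, $signature, $key, OPENSSL_ALGO_SHA256) === 1;
}

// Gate the installer on the signature check.
function install_upgrade(string $package, string $signature, string $pinnedPublicKeyPem): string
{
    if (!upgrade_signature_ok($package, $signature, $pinnedPublicKeyPem)) {
        return 'rejected'; // nothing is unpacked or executed
    }
    // Hypothetical step: hand $package to the real installer here.
    return 'installed';
}

// Constructed demo data: the private half would stay on the developers' machines.
$releaseKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem  = openssl_pkey_get_details($releaseKey)['key'];
$package    = "constructed upgrade archive bytes";
openssl_sign($package, $signature, $releaseKey, OPENSSL_ALGO_SHA256);

echo install_upgrade($package, $signature, $publicPem), "\n";               // signed package
echo install_upgrade($package . "tampered", $signature, $publicPem), "\n";  // modified after signing
echo install_upgrade($package, '', $publicPem), "\n";                       // signature missing
```

The public key has to ship inside the installed software rather than be fetched alongside the upgrade, otherwise whoever controls the download server can replace the key together with the package.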