[C5] Auto-update verified only by SHA-256 over same channel, no signature -> fleet-wide SYSTEM RCE on MITM #14

Open
opened 2026-06-05 17:35:20 -07:00 by azcomputerguru · 0 comments

Severity: Critical

Component(s): agent

Affected file(s):

  • agent/src/update.rs

Problem:
Auto-update is verified by a SHA-256 hash delivered over the same channel as the binary, with no signature, so a MITM or evil relay yields fleet-wide SYSTEM RCE. The code carries a TODO, and a dev_insecure_tls escape hatch widens the exposure.

Recommended fix:
Embed an Ed25519 public key, sign the manifest and binary, verify before install_update, and lock dev_insecure_tls to debug builds only.

Remediation phase: P2 (SPEC-021)

From the 2026-06-05 three-way review (Claude+Gemini+Grok) — see reports/review-2026-06-05/SYNTHESIS-three-way.md (finding C5) and REMEDIATION-PLAN.md (P2).

azcomputerguru added the severity:critical, component:agent, security labels 2026-06-05 17:35:20 -07:00
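
One way to realise the recommended fix, as an added example rather than code from the GuruConnect repository: the agent pins an Ed25519 public key, checks the signature over the manifest bytes, and only then trusts the SHA-256 digest inside it. It is written in Go so that it runs on the standard library alone (the agent itself is Rust); `Manifest`, `VerifyUpdate`, `SignRelease` and `Demo` are hypothetical names, and the keys and binaries are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Manifest is a hypothetical format; the digest is covered by the signature.
type Manifest struct {
	Version string `json:"version"`
	SHA256  []byte `json:"sha256"`
}

// VerifyUpdate must succeed before any install step: pinned-key signature first, digest second.
func VerifyUpdate(pinned ed25519.PublicKey, manifestJSON, sig, binary []byte) (*Manifest, error) {
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, manifestJSON, sig) {
		return nil, fmt.Errorf("manifest signature invalid")
	}
	var m Manifest // parsed only after the signature check passes
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	if sum := sha256.Sum256(binary); !bytes.Equal(sum[:], m.SHA256) {
		return nil, fmt.Errorf("binary does not match signed digest")
	}
	return &m, nil
}

// SignRelease is the release-side step, run where the private key lives (never on the update channel).
func SignRelease(priv ed25519.PrivateKey, version string, binary []byte) (manifestJSON, sig []byte) {
	sum := sha256.Sum256(binary)
	manifestJSON, _ = json.Marshal(Manifest{Version: version, SHA256: sum[:]})
	return manifestJSON, ed25519.Sign(priv, manifestJSON)
}

// Demo verifies a genuine release, then one where a relay swapped binary, digest and signature.
func Demo() (genuine, swapped error) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize)) // constructed key
	mj, sig := SignRelease(priv, "1.2.3", []byte("agent v1.2.3"))
	pinned := priv.Public().(ed25519.PublicKey) // the only key material shipped in the agent
	_, genuine = VerifyUpdate(pinned, mj, sig, []byte("agent v1.2.3"))
	forged, fsig := SignRelease(ed25519.NewKeyFromSeed(bytes.Repeat([]byte{9}, 32)), "1.2.4", []byte("tampered"))
	_, swapped = VerifyUpdate(pinned, forged, fsig, []byte("tampered"))
	return genuine, swapped
}

func main() { fmt.Println(Demo()) }
```

The second case is the one a hash-only check accepts: the digest matches the swapped binary, but the manifest was not signed by the pinned key.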

Reference: azcomputerguru/guru-connect#14