Recently we started running the permissions check and virus scan well ahead of pushing to mirrors. This is great for getting those things out of the critical path, but it leaves us vulnerable to attack if someone modifies files between those checks and pushing to mirrors. We should verify that nothing changes between those checks and pushing.

One idea to do this is to use "--out-format=%B %l %M %U %G %f" when running the "rsync -n -av ...". This will print out file sizes, permissions, owners, groups, modified times, and the file names. Then, at the start of push to mirrors we should re-run that rsync and compare the output. If those match there should be no reason to check file hashes, because those are already in *SUMS, which we've verified haven't changed.

Doing the above reduces our exposure window significantly. I don't think it eliminates it completely, though. If we do it, we should probably wait until the permissions checks and virus scan are done before running the rsync -n.
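The snapshot-and-compare idea described above, sketched as an added example; this is not code from the bug or from the release automation. The function names and the SRC, DEST and OUT arguments are hypothetical, and the comparison assumes both manifests come from dry runs against a destination that does not yet hold the files, so every file is listed.

```shell
#!/bin/sh
# Added example: manifest snapshot and comparison around the mirror push.
FMT='%B %l %M %U %G %f'   # format string quoted in the bug

# snapshot SRC DEST OUT (all three are hypothetical arguments).
# Dry run only; -v is left out so rsync's summary lines stay out of the manifest.
snapshot() {
    rsync -n -a --out-format="$FMT" "$1" "$2" > "$3"
}

# verify_unchanged BEFORE AFTER
# Prints one line per added, removed or changed file; returns 1 on any difference.
verify_unchanged() {
    awk '
    # The first five fields never contain spaces; the file name is the rest.
    function fname(line, i) {
        for (i = 0; i < 5; i++) sub(/^[^ ]+ +/, "", line)
        return line
    }
    function attrs(line, name) {
        return substr(line, 1, length(line) - length(name) - 1)
    }
    FILENAME == ARGV[1] { before[fname($0)] = $0; next }
    {
        n = fname($0)
        if (!(n in before)) {
            print "ADDED " n; bad = 1
        } else {
            if (before[n] != $0) {
                print "CHANGED " n ": " attrs(before[n], n) " -> " attrs($0, n)
                bad = 1
            }
            delete before[n]
        }
    }
    END {
        for (n in before) { print "REMOVED " n; bad = 1 }
        exit bad + 0
    }' "$1" "$2"
}

# Usage: script snapshot SRC DEST OUT | script verify BEFORE AFTER
case "${1:-}" in
    snapshot) snapshot "$2" "$3" "$4" ;;
    verify)   verify_unchanged "$2" "$3" ;;
esac
```

A non-zero return from `verify_unchanged` is the signal to stop the push and re-run the permissions check and virus scan.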
found in triage.
Priority: -- → P5
7 years ago
No longer blocks: 627271
7 years ago
Mass move of bugs to Release Automation component.
Component: Release Engineering → Release Engineering: Automation (Release Automation)
Duplicate of this bug: 732000
Product: mozilla.org → Release Engineering
The files we upload are write-only-once, so this should be addressed.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
QA Contact: rail
Resolution: --- → FIXED