[ease-dev] Verify script before execution

Hi Christian,

I uploaded patch [1], which shows an implementation of the VerifySignature class to perform verification of remote files.

This patch contains the class SignatureCheck, which contains the method canExecute. Depending upon the return value, we can choose to execute or not execute the remote script. It takes the preference into account while computing the result.

I am considering two kinds of files while performing the check: a script on a remote server and a script on the local machine.
The following is the flow within the canExecute method:
  • if script is remote
    • if can execute remote without signature (depending upon preference)
      • if signature is not present
        • return true
      • else (signature is present)
        • check for signature
    • else
      • check for signature
  • else (script is local)
    • if can execute local script without signature (depending upon preference)
      • if signature is not present
        • return true
      • else (signature is present)
        • check for signature
    • else
      • check for signature

What should happen when the user has set preferences for executing scripts without a signature and the script contains a signature? In cases when a signature is present and the file is modified, it is more harmful than scripts that don't contain a signature at all, because here we are catching a possible malicious intent.

For this reason, I have placed a check for the signature even when the user has specified via preference to execute files that don't contain a signature but the script contains a signature.

Thanking you,
--
Varun Raval
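
The flow described in the message above, as an added Java example that is not the code from patch [1]: both branches reduce to "a signature that is present is always verified; only an unsigned script is governed by the preference". The `Origin` enum, the `unsignedAllowed` set, the `canExecute` parameter list, the SHA256withRSA scheme and the in-memory key pair are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.EnumSet;
import java.util.Set;

public class CanExecuteDemo {
    enum Origin { LOCAL, REMOTE }

    // Hypothetical signature: signature == null means the script is unsigned;
    // unsignedAllowed stands in for the two preferences from the mail.
    static boolean canExecute(Origin origin, byte[] script, byte[] signature,
                              PublicKey signer, Set<Origin> unsignedAllowed)
            throws GeneralSecurityException {
        if (signature == null) {
            // Only an unsigned script is governed by the preference.
            return unsignedAllowed.contains(origin);
        }
        // A signature that is present is always checked, for both origins.
        Signature verifier = Signature.getInstance("SHA256withRSA"); // assumed scheme
        verifier.initVerify(signer);
        verifier.update(script);
        try {
            return verifier.verify(signature);
        } catch (SignatureException e) {
            return false; // malformed signature: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: throwaway key pair and two tiny scripts.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] script = "print('hello')".getBytes(StandardCharsets.UTF_8);
        byte[] modified = "print('changed')".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(script);
        byte[] sig = signer.sign();

        Set<Origin> lax = EnumSet.allOf(Origin.class);
        Set<Origin> strict = EnumSet.noneOf(Origin.class);
        System.out.println("signed, intact, lax:   " + canExecute(Origin.REMOTE, script, sig, kp.getPublic(), lax));
        System.out.println("signed, modified, lax: " + canExecute(Origin.REMOTE, modified, sig, kp.getPublic(), lax));
        System.out.println("unsigned, lax:         " + canExecute(Origin.LOCAL, script, null, kp.getPublic(), lax));
        System.out.println("unsigned, strict:      " + canExecute(Origin.LOCAL, script, null, kp.getPublic(), strict));
    }
}
```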