nn- wrote:
What if the signature checking code contains a bug and does not work correctly? What if there is a bug allowing signature checking to be bypassed? What if the signature itself happens to be weak (see Debian ssl vulnerability)?
The signature checking code is fairly well vetted. You can verify at least RSASSA-PKCS1-v1_5 signatures by using RSA authentication in phpseclib's Net/SSH2.php. I'm thinking it'd be better to use RSASSA-PSS as defined in PKCS#1 v2.0+, but phpseclib's RSASSA-PKCS1-v1_5 implementation is certainly more vetted than its RSASSA-PSS implementation. Maybe there's some obscure bug that only manifests itself under really rare conditions, but the code is pretty straightforward.
As for there being a bug in phpBB4's yet-to-be implemented signature verification routines... it's hard to comment on something that hasn't been implemented.
As for the Debian SSL vulnerability... correct me if I'm wrong, but that was related to key creation - not to signature verification - was it not? More to the point, I believe the problem was that the random number generator used generated comparatively easy-to-predict keys.
Giving code write access to itself is dangerous. It is unfortunately inevitable to some degree with PHP due to how typical PHP servers are set up, but please make this feature completely optional. It is convenient, and automatically installing signed updates is more secure than automatically installing arbitrary code, but either case is less secure than a properly configured environment where automatic updates are not possible.
Such a feature would have to be optional unless phpBB4 shipped with the requirement that it be installed in a publicly writable directory (which would be silly). WordPress doesn't even have that requirement. With WordPress, you're prompted, if you choose to pursue this upgrade route, for login info. With phpBB4, under this proposal, you'd be asked for that same thing. phpseclib has a pure-PHP SFTP implementation that could be used for SFTP servers, and pure-PHP FTP implementations are common enough (phpBB3 has one, for example).
It would be good to have a secure channel to obtain the public key/package checksums, since the package may be mirrored. Perhaps over SSL?
I don't see downloading the updates over https as being necessary. https just ensures that people can't eavesdrop and that's not really a concern here, anyway. The goal, here, isn't confidentiality - it's integrity.
It's kinda like... when you download Apache, you can download PGP signatures to verify the integrity of the package you downloaded even though the download, itself, isn't done over https.
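The verification flow the thread describes (an RSASSA-PKCS1-v1_5 signature over an update package, checked with phpseclib, with the public key pinned in the installation rather than fetched from the mirror), written out as an added example. This is not phpBB or phpseclib project code; it assumes phpseclib 1.x is on the include_path, and the package bytes, key pair and signature are all constructed inside the script. It also shows why a plain-HTTP mirror is acceptable for integrity: any tampering with the mirrored bytes, or a signature from a different key, fails verification against the pinned key.

```php
<?php
// Added example, not part of the phpBB or phpseclib projects.
// Assumes phpseclib 1.x (Crypt/RSA.php) is on the include_path.
require_once 'Crypt/RSA.php';

// Verify a detached signature over the raw package bytes.
// The public key is supplied by the caller (pinned in the install),
// never downloaded from the same mirror as the package.
// Signature mode and hash must match what the signer used; the thread
// favours PKCS1 v1.5 as the better-vetted path, with PSS as the
// one-line alternative (CRYPT_RSA_SIGNATURE_PSS).
function verifyUpdatePackage($packageBytes, $signature, $publicKeyPem)
{
    $rsa = new Crypt_RSA();
    if (!$rsa->loadKey($publicKeyPem)) {
        return false; // unparsable key: fail closed
    }
    $rsa->setHash('sha256');
    $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    // phpseclib hashes the message itself, so pass the package bytes.
    return $rsa->verify($packageBytes, $signature) === true;
}

// Release-side signing, shown only so the script is self-contained.
// In a real deployment the private key never leaves the release machine.
function signUpdatePackage($packageBytes, $privateKeyPem)
{
    $rsa = new Crypt_RSA();
    $rsa->loadKey($privateKeyPem);
    $rsa->setHash('sha256');
    $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    return $rsa->sign($packageBytes);
}

// --- Constructed demonstration data -----------------------------------
$rsa = new Crypt_RSA();
$releaseKey = $rsa->createKey(2048); // pure-PHP keygen; takes a moment
$pinnedPublicKey = $releaseKey['publickey'];   // shipped with phpBB4
$package = "phpbb4-update-0.0.0-example.zip contents (constructed)";

// What the mirror would serve: package bytes plus a base64 signature file.
$signatureB64 = base64_encode(signUpdatePackage($package, $releaseKey['privatekey']));

// 1. Untouched package from the mirror: verifies.
$ok = verifyUpdatePackage($package, base64_decode($signatureB64), $pinnedPublicKey);
echo 'genuine package:  ', $ok ? "accepted\n" : "rejected\n";

// 2. Mirror (or an on-path attacker on plain HTTP) altered the bytes: rejected.
$tampered = $package . ' <?php /* injected */ ?>';
$ok = verifyUpdatePackage($tampered, base64_decode($signatureB64), $pinnedPublicKey);
echo 'tampered package: ', $ok ? "accepted\n" : "rejected\n";

// 3. Signature made with some other key: rejected, because the verifier
//    trusts only the pinned key, not whatever key the mirror offers.
$otherKey = $rsa->createKey(2048);
$forged = signUpdatePackage($package, $otherKey['privatekey']);
$ok = verifyUpdatePackage($package, $forged, $pinnedPublicKey);
echo 'foreign signature: ', $ok ? "accepted\n" : "rejected\n";
```

The part that carries the security argument is where the public key comes from: it must be part of the installed code (or entered by the administrator), so the mirror is trusted only to deliver bytes, and the signature check decides whether those bytes are installed.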