From 5b6279e0125526629f1aab3abf7fb43295ed14c8 Mon Sep 17 00:00:00 2001 From: Aditya Sirish Date: Fri, 23 Feb 2024 16:39:11 -0500 Subject: [PATCH 1/3] Update wildcard pattern behavior This commit adds explicit examples of targets that are not matched by a wildcard. It also adds a note warning users that incorrect assumptions about wildcard behavior can potentially lead to an untrusted role signing for a target. Signed-off-by: Aditya Sirish --- tuf-spec.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tuf-spec.md b/tuf-spec.md index 1eda0da..37f0a08 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -3,7 +3,7 @@ Title: The Update Framework Specification Shortname: TUF Status: LS Abstract: A framework for securing software update systems. -Date: 2023-04-14 +Date: 2024-02-23 Editor: Justin Cappos, NYU Editor: Trishank Karthik Kuppusamy, Datadog Editor: Joshua Lock, Verizon @@ -1093,8 +1093,17 @@ attributes are OPTIONAL, if used, exactly one of them should be set. `"foo-version-2.tgz"` and `"foo-version-a.tgz"`, but not `"foo-version-alpha.tgz"`. * a PATHPATTERN of `"*.tgz"` would match `"foo.tgz"` and `"bar.tgz"`, - but not `"targets/foo.tgz"` - * a PATHPATTERN of `"foo.tgz"` would match only `"foo.tgz"` + but not `"targets/foo.tgz"`. + * a PATHPATTERN of `"foo.tgz"` would match only `"foo.tgz"`. + * a PATHPATTERN of `"foo/*"` matches `"foo/bar.tgz"` but not + `"foo/baz/bar.tgz"`, `"foo/bar/baz/bar.tgz"`, and so on. + + Note: It is important to understand the functioning of path patterns to + avoid mistaken assumptions that can lead to a false sense of security. For + example, an assumption that `"foo/*"` applies recursively to all files in + subdirectories of `foo` in a terminating delegation could allow a subsequent + delegated role that should not be trusted to sign for a target. + Prioritized delegations allow clients to resolve conflicts between delegated From 461cfb601f8ecf2f0738918a54c2e7d6eb086488 Mon Sep 17 00:00:00 2001 
From: Aditya Sirish Date: Fri, 23 Feb 2024 16:58:47 -0500 Subject: [PATCH 2/3] fixup! remind why this is important Signed-off-by: Aditya Sirish --- tuf-spec.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tuf-spec.md b/tuf-spec.md index 37f0a08..db522fe 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -1098,11 +1098,13 @@ attributes are OPTIONAL, if used, exactly one of them should be set. * a PATHPATTERN of `"foo/*"` matches `"foo/bar.tgz"` but not `"foo/baz/bar.tgz"`, `"foo/bar/baz/bar.tgz"`, and so on. - Note: It is important to understand the functioning of path patterns to - avoid mistaken assumptions that can lead to a false sense of security. For - example, an assumption that `"foo/*"` applies recursively to all files in - subdirectories of `foo` in a terminating delegation could allow a subsequent - delegated role that should not be trusted to sign for a target. + Note: As each describes the paths that a delegated role is + trusted to provide, it is important to understand the functioning of path + patterns to avoid mistaken assumptions that can lead to a false sense of + security. For example, an assumption that `"foo/*"` applies recursively to + all files in subdirectories of `foo` in a terminating delegation could allow + a subsequent delegated role that should not be trusted to sign for a target + in a subdirectory of `foo`. From 4ed28cfdf3f7f1ea15963b08a91d560cb0ba35ce Mon Sep 17 00:00:00 2001 From: Aditya Sirish Date: Fri, 23 Feb 2024 17:05:16 -0500 Subject: [PATCH 3/3] fixup! version bump Signed-off-by: Aditya Sirish --- tuf-spec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tuf-spec.md b/tuf-spec.md index db522fe..b987510 100644 --- a/tuf-spec.md +++ b/tuf-spec.md 
@@ -16,7 +16,7 @@ Boilerplate: copyright no, conformance no Local Boilerplate: header yes Markup Shorthands: css no, markdown yes Metadata Include: This version off, Abstract off -Text Macro: VERSION 1.0.33 +Text Macro: VERSION 1.0.34 Note: We strive to make the specification easy to implement, so if you come
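Review bot: In [PATCH 1/3], hunk `@@ -1093,8 +1093,17 @@`, the added `"foo/*"` bullet says "matches" where every neighbouring bullet says "would match", and its closing "and so on" leaves the actual rule for the reader to infer. Suggest wording it in parallel with the others, for example: a PATHPATTERN of `"foo/*"` would match `"foo/bar.tgz"` but not `"foo/baz/bar.tgz"` or any path deeper under `foo`. Since this bullet is the one the security Note relies on, it is worth saying outright that the wildcard stops at one directory level rather than implying it through two sample paths.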
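Review bot: In [PATCH 2/3], the rewritten Note opens "As each describes the paths that a delegated role is trusted to provide", which, as the line appears here, has no noun after "each"; it presumably should read "each PATHPATTERN". The rest of the Note is now a single long sentence followed by a long example sentence. Consider splitting the first into two: one stating that a PATHPATTERN defines what the delegated role is trusted to provide, and one stating the consequence of misreading it. The example about `"foo/*"` in a terminating delegation then follows more cleanly.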
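Review bot: In [PATCH 3/3], the `VERSION 1.0.33` to `VERSION 1.0.34` bump is in its own "fixup!" commit, while the matching `Date: 2024-02-23` change is in [PATCH 1/3]; the two header fields should change in the same commit. Neither fixup subject ("remind why this is important", "version bump") repeats the subject of the commit it amends ("Update wildcard pattern behavior"), so `git rebase --autosquash` will not fold them in on its own. Squash the three commits manually before merge so the final history has one commit carrying the text change, the Date and the VERSION together.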