Adding support for digitally signed plugins - Glenn Song on Call the Doctor 2/4/25
Plugins are valuable extensions that enhance the functionality of HDF5. They play a crucial role in adding custom features, such as various compression filters and VFDs, without requiring extensive changes to the source code. To help improve the security of HDF5, we are exploring the option of adding digitally signed plugins to HDF5, which would help verify and secure any plugins that a user may use. Glenn Song (@gsong), software engineer at The HDF Group, will talk about our plan, outlined in this RFC, on Call the Doctor on Tuesday, February 4. As always, feel free to bring your general HDF questions for Glenn and the other HDF Group staff members who will be on the call.
To join, just jump on the zoom: Launch Meeting - Zoom
February 4, 2025, 12:20 p.m. Central Time (US/Canada)
Have you got feedback on the signed plugins proposal from anyone with cryptography experience? If not, please do that. It's not my area of expertise, but from the bits and pieces I do know, I suspect they would point out some serious flaws:
GPG is outdated and a borderline joke at this point. Cryptography engineers have been describing its shortcomings and suggesting better options for years - see this blog post or this one, for instance. The alternatives those posts suggest for signing packages are not mentioned as rejected options in the RFC.
A bunch of important stuff like key rotation, revocation & roots of trust is skimmed over in a brief "further considerations" section, in some cases literally just saying it should be considered. This isn't just extra details! If you don't have good answers for this (or if you run out of funded time to work on it…), you don't really have meaningful security.
I hope I'm wrong about this, but the wording implies that the signature will be verified after loading the plugin library ("After obtaining the plugin type and information, the new code for checking if a valid digital signature exists…" - at present, obtaining the plugin type and information means loading the library and calling functions from it).
More generally, what's the threat model you're trying to defend against? The scenarios where someone could put an HDF5 plugin in place to be loaded automatically but can't already run arbitrary code seem pretty limited. Perhaps not zero - people do all sorts of creative things - but have you worked out what these scenarios are, and considered other ways to mitigate them besides a signature verification scheme?
In addition to seconding the concerns raised by @thomas1, I also have a concern about the proposed distribution process.
If I am understanding the RFC correctly, it is the plugin authors' responsibility to sign the built binary artifacts of the plugins, which in turn implies that the plugin authors are responsible for building the canonical builds of their plugins for all platforms / HDF5 versions / compiler settings. This puts a huge burden on the plugin authors (a significantly higher burden in my estimation than learning to use gpg) and interacts badly with end users who use package ecosystems (e.g. Linux distros, conda-forge, Homebrew, …) to source their installation.
I see more use for this in a context where I can verify that I built a given plugin binary, so if this were to go forward, I would want a mode where, as a packager/integrator, I am responsible for providing both the signatures and the public keys, fully independently of any external actor or authority. However, I am not clear on what this would provide over install-time verification.
What prior art is there on this sort of signed-plugin system at the library/application level at runtime? I am more familiar with this at the packaging level (where artifacts are verified at install time rather than run time and tied to an artifact build pipeline).
Thank you everyone for your feedback on this RFC for adding support for digitally signed plugins. We got good feedback during the session as well; I have attached the recording from that session. Stay tuned for future updates on this work, and please reach out if you have additional ideas or would like to help.