security: respond to weaknesses identified in the in-toto sec audit #268

Status: Open
Labels
needs triage Issues to triage

Comments

@colek42 (Member)
colek42 commented Jun 14, 2023

  1. Incorporate File Permissions into File Metadata Records

    • In response to the audit finding GHSA-wqrg-wjp9-wqfq, we need to include file permissions into file metadata records as part of the Omnitrail container development.
  2. Remove Support for Configuration Files

    • As per the audit finding GHSA-wqrg-wjp9-wqfq, we need to remove support for configuration files in Witness. Guidance should be provided on setting configurations through API parameters or CLI arguments.
  3. Add Feature to Attest Internal Configuration Parameters

    • In response to audit finding GHSA-wqrg-wjp9-wqfq, add a feature that attests to the Witness internal configuration parameters.
  4. Strategies to Counter Layout Replay Attacks

    • According to the audit finding GHSA-73jv-h86v-c2vh, implement strategies set out in in-toto Enhancements ITE-2 and ITE-3 leveraging The Update Framework (TUF). This includes adding TUF support to Archivista to ensure freshness of Witness Policy and other data stored.
  5. Implement Measures against Link File Reuse

    • In response to audit finding GHSA-6q78-j78h-pqm2, implement globally unique step names in a layout where reuse is not intended and reuse Witness policy across many pipelines as per recommendations from ITE-2 and ITE-3. Also, consider recording the hashes of the tool used in the step in the policy.
  6. Improve Verification by Functionaries

    • To address audit finding GHSA-p86f-xmg6-9q4x, support checking of witness policies before creating attestations and use namespaces and security modules like Seccomp, AppArmor, and SELinux to isolate Witness from the build process. This should be implemented alongside the existing Sigstore and SPIRE key providers.
  7. Clarify Position on PGP Support

    • As mentioned in response to audit finding GHSA-jjgp-whrp-gq8m, officially state and document that Witness neither supports nor plans to support PGP. This will ensure clarity for all users and contributors.
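Item 1 above asks that file metadata records carry permission bits, not just digests. The example below is an added illustration written for this page; it is not Witness or Omnitrail code and does not use their APIs. It assumes a hypothetical `FileRecord` shape (path, SHA-256, `fs.FileMode`) and builds two constructed temporary trees whose only difference is the mode of `build.sh`, to show that a digest-only comparison would report the trees as identical while the mode-aware record flags the change.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// FileRecord is a hypothetical file metadata record (not the Witness schema):
// content digest plus the full fs.FileMode, which carries rwx bits and
// special bits such as setuid/setgid/sticky.
type FileRecord struct {
	Path   string
	SHA256 string
	Mode   fs.FileMode
}

// RecordTree walks root and returns one record per regular file, sorted by
// relative path so two recordings of the same tree compare deterministically.
func RecordTree(root string) ([]FileRecord, error) {
	var recs []FileRecord
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if !d.Type().IsRegular() {
			return nil
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		f, err := os.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		h := sha256.New()
		if _, err := io.Copy(h, f); err != nil {
			return err
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		recs = append(recs, FileRecord{
			Path:   filepath.ToSlash(rel),
			SHA256: hex.EncodeToString(h.Sum(nil)),
			Mode:   info.Mode(), // permission bits are part of the record
		})
		return nil
	})
	if err != nil {
		return nil, err
	}
	sort.Slice(recs, func(i, j int) bool { return recs[i].Path < recs[j].Path })
	return recs, nil
}

// Diff compares expected and actual records and reports content changes and
// permission changes as separate findings, so a mode-only drift is not hidden
// behind an unchanged digest.
func Diff(expected, actual []FileRecord) []string {
	exp := make(map[string]FileRecord, len(expected))
	for _, r := range expected {
		exp[r.Path] = r
	}
	var findings []string
	for _, a := range actual {
		e, ok := exp[a.Path]
		if !ok {
			findings = append(findings, "added: "+a.Path)
			continue
		}
		if e.SHA256 != a.SHA256 {
			findings = append(findings, "content changed: "+a.Path)
		}
		if e.Mode != a.Mode {
			findings = append(findings, fmt.Sprintf("mode changed: %s %v -> %v", a.Path, e.Mode, a.Mode))
		}
		delete(exp, a.Path)
	}
	for p := range exp {
		findings = append(findings, "removed: "+p)
	}
	sort.Strings(findings)
	return findings
}

// DemoPermissionDrift builds two constructed trees (sample data, not a real
// build) with byte-identical build.sh but modes 0644 vs 0755 and returns the
// findings; a digest-only comparison would return nothing here.
func DemoPermissionDrift() ([]string, error) {
	mk := func(mode fs.FileMode) (string, error) {
		dir, err := os.MkdirTemp("", "fileperm-example")
		if err != nil {
			return "", err
		}
		p := filepath.Join(dir, "build.sh")
		if err := os.WriteFile(p, []byte("#!/bin/sh\necho build\n"), 0o644); err != nil {
			return "", err
		}
		// Chmod after write so the umask does not alter the intended mode.
		return dir, os.Chmod(p, mode)
	}
	expDir, err := mk(0o644)
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(expDir)
	actDir, err := mk(0o755)
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(actDir)
	exp, err := RecordTree(expDir)
	if err != nil {
		return nil, err
	}
	act, err := RecordTree(actDir)
	if err != nil {
		return nil, err
	}
	return Diff(exp, act), nil
}

func main() {
	findings, err := DemoPermissionDrift()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

The single finding is a mode change on `build.sh` from `-rw-r--r--` to `-rwxr-xr-x`; the digests match, so this is exactly the class of change a digest-only metadata record would miss. The same record shape would also surface a setuid bit appearing on an otherwise unchanged binary.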