Re: Upgrading to next version of Fedora

On Saturday 2 August 2008, Richard England wrote:
> Björn Persson wrote:
> > Richard England wrote:
> >> Dave Feustel wrote:
> >>> What is involved in upgrading from one version of Fedora to the next?
> >>> (eg from Fedora 9 to Fedora 10 when F-10 becomes available)
> >>
> >> You might look into preupgrade
> >
> > But you should be aware that Preupgrade is a possible attack vector if
> > someone is trying to sneak malware into your computer. It doesn't check
> > the files it downloads for tampering.
> >
> > Yum checks all the packages it installs, and for CD images there are
> > signed checksums so that you can verify them manually.
> >
> > Björn Persson
>
> I was under the impression that RPM was still used by Anaconda and the
> MD5 was still checked by RPM at installation time.

1: It's the PGP signature that needs to be checked, not the MD5 sum. RPM can 
check PGP signatures but Anaconda doesn't tell RPM to do that.

2: Installation time is too late in the case of Preupgrade. The installer 
needs to be checked before it is booted. After the reboot you have a possibly 
malicious RPM running on a possibly malicious Linux, and if signatures were 
to be checked in that stage it would be a possibly malicious GPG checking 
signatures against a possibly false PGP key.

> Does anyone that can speak to it know what security changes are planned
> / will be in place for F10?

There are two enhancement tickets but no target dates:

https://fedorahosted.org/preupgrade/ticket/7
"gpg check downloaded packages"
"For safety's sake, we should gpgcheck the packages as we download them."

That's one important step but it doesn't include the installer, which is the 
next ticket:

https://fedorahosted.org/preupgrade/ticket/8
"Checksums and file sizes for boot images"
"If anaconda .treeinfo included file size and checksums for 
initrd/vmlinuz/etc, we could provide more accurate download progress, resume 
interrupted downloads, and be sure we have the correct files."

That's not enough. Checksums don't prevent tampering. The boot images need to 
be signed with PGP and Preupgrade needs to check those signatures.

Björn Persson

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
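
The point made in the message above (a checksum fetched from the same place as the boot images does not stop tampering, while a signature checked against a key already on the machine does), as an added example that is not part of the original post or of Preupgrade's code. The manifest format, file contents and toy RSA key are constructed for illustration; the toy key stands in for a PGP key.

```python
import hashlib

# Toy RSA key from two Mersenne primes: a stand-in for the distributor's PGP
# key, far too small for real use. Only (N, E) would already be on the machine.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the signer

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    return pow(digest_int(data), D, N)

def signature_ok(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest_int(data)

def make_manifest(files: dict) -> bytes:
    # One "<sha256>  <name>" line per boot file (constructed format).
    return "\n".join(f"{hashlib.sha256(body).hexdigest()}  {name}"
                     for name, body in sorted(files.items())).encode()

def checksums_ok(manifest: bytes, files: dict) -> bool:
    listed = {}
    for line in manifest.decode().splitlines():
        digest, name = line.split("  ", 1)
        listed[name] = digest
    return listed.keys() == files.keys() and all(
        hashlib.sha256(body).hexdigest() == listed[name]
        for name, body in files.items())

def safe_to_boot(manifest: bytes, sig: int, files: dict) -> bool:
    # Authenticate the manifest first, then trust its checksums.
    return signature_ok(manifest, sig) and checksums_ok(manifest, files)

# Constructed sample data: what the distributor published.
GOOD = {"vmlinuz": b"kernel image", "initrd.img": b"installer ramdisk"}
GOOD_MANIFEST = make_manifest(GOOD)
GOOD_SIG = sign(GOOD_MANIFEST)

# What a tampered mirror serves: changed file, recomputed checksum, and the
# only signature it has, which covers the original manifest.
BAD = {**GOOD, "initrd.img": b"modified ramdisk"}
BAD_MANIFEST = make_manifest(BAD)

if __name__ == "__main__":
    print("checksum only, tampered:", checksums_ok(BAD_MANIFEST, BAD))
    print("signature + checksum, tampered:", safe_to_boot(BAD_MANIFEST, GOOD_SIG, BAD))
    print("signature + checksum, genuine:", safe_to_boot(GOOD_MANIFEST, GOOD_SIG, GOOD))
```

The check has to run before the reboot, on the still-trusted system, for the reason given in point 2 of the message.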
