[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Björn Persson wrote:
lördagen den 2 augusti 2008 skrev Richard England:
Björn Persson wrote:
Richard England wrote:
Dave Feustel wrote:
What is involved in upgrading from one version of Fedora to the next?
(eg from Fedora 9 to Fedora 10 when F-10 becomes available)
You might look into preupgrade
But you should be aware that Preupgrade is a possible attack vector if
someone is trying to sneak malware into your computer. It doesn't check
the files it downloads for tampering.

Yum checks all the packages it installs, and for CD images there are
signed checksums so that you can verify them manually.

Björn Persson
I was under the impression that RPM was still used by Anaconda and the
MD5 was still checked by RPM at installation time.
1: It's the PGP signature that needs to be checked, not the MD5 sum. RPM can 
check PGP signatures but Anaconda doesn't tell RPM to do that.
2: Installation time is too late in the case of Preupgrade. The installer 
needs to be checked before it is booted. After the reboot you have a possibly 
malicious RPM running on a possibly malicious Linux, and if signatures were 
to be checked in that stage it would be a possibly malicious GPG checking 
signatures against a possibly false PGP key.
  
Does anyone that can speak to it know what security changes are planned
/ will be in place for F10?
There are two enhancement tickets but no target dates:

https://fedorahosted.org/preupgrade/ticket/7
"gpg check downloaded packages"
"For safety's sake, we should gpgcheck the packages as we download them."

That's one important step but it doesn't include the installer, which is the next ticket:
https://fedorahosted.org/preupgrade/ticket/8
"Checksums and file sizes for boot images"
"If anaconda .treeinfo included file size and checksums for initrd/vmlinuz/etc, we could provide more accurate download progress, resume interrupted downloads, and be sure we have the correct files."
That's not enough. Checksums don't prevent tampering. The boot images need to 
be signed with PGP and Preupgrade needs to check those signatures.
Björn Persson
Thank you, Björn.

~~R

--
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux