On Mon, 2004-08-09 at 13:58, Stanley Allely wrote:

> I do already run the full firewall with SPI, I just happened to notice
> that up2date closes the authorization before package retrieval is done,
> I'm just not sure how early is ok. I always thought it would require sys
> admin auth. all the way through, but it evidently does not. I was just
> worried about somebody outside the update system hacking in a third
> party packet during the update process (like a rootkit), but I suppose
> that would qualify as a "new" packet under the iptables and get
> stopped? The only open port I have in the system is http for internet
> access. I guess it's the fact that root is open during updates, or as
> they say "Just because you're paranoid, doesn't mean someone is not out to
> get you" especially on line with and all the other nasty gotchas being
> available. And I've had good luck with the default up2date, and having
> watched the yum update thread I'll go with "if it ain't broke, don't
> fix it".
>
> Thanks, Stan

I will have to find some time to look at this. You have raised a very good question (which is actually about Fedora of all things!)

Just how secure is the update process used by Fedora? I don't think any encryption is used for the transfer of packages, nor do I believe certificates are used to validate the repository.

So the weak points in the update process are:

1. repository compromise
2. session hijacking
3. packet injection/spoofing

Are there any others? And what is the potential of each?

Compromising the repositories I think is the worst case and the most likely. Insertion of a few specially crafted packages with harmful payloads could cause a lot of problems for many people very quickly.

The other possible problems are IMHO less likely, since someone would have to have access to specific parts of the network in order to accomplish them. And the damage would probably be much less because of that.

So can someone that knows the ins and outs of that software comment?
-- Scot L. Harris <webid@xxxxxxxxxx>
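The exchange above turns on two points: whether a stateful firewall (iptables with connection tracking) would treat a packet injected into an in-progress download as "new" and drop it, and whether anything besides the firewall checks what the update client actually received. The following is an added example, not code from the thread or from up2date/yum, that models both. The firewall class is a toy reconstruction of conntrack behaviour (outbound connections are remembered by their 4-tuple; inbound packets are accepted only if they match a tracked connection), and the package bytes, addresses and pinned digest are constructed for the demonstration. It shows that the firewall does stop unrelated inbound traffic, but cannot distinguish a genuine response from one forged to match the tracked connection (weak points 2 and 3 in the list), which is why the package itself has to be checked against a digest or signature obtained over a trusted channel.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP/IP packet model: addressing plus an opaque payload."""
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class StatefulFirewall:
    """Toy model of iptables connection tracking (SPI).

    Outbound connections opened by the protected host are remembered by their
    (local, lport, remote, rport) 4-tuple.  An inbound packet is ACCEPTed only
    if it is the mirror image of a tracked connection (state ESTABLISHED);
    anything else is NEW on the inbound side and is DROPped.
    """

    def __init__(self, host_ip: str):
        self.host_ip = host_ip
        self.tracked: set[tuple[str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> str:
        # Host initiated this connection, so remember it.
        self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def inbound(self, pkt: Packet) -> str:
        # Reverse the tuple: the remote end's src/sport is our dst/dport.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if key in self.tracked else "DROP"


# Constructed sample data: stand-ins for package bytes, not real RPM content.
GENUINE_RPM = b"constructed: genuine package contents"
TAMPERED_RPM = b"constructed: package contents with extra payload"

# In a real deployment the pinned digest (or a GPG signature) comes from
# repository metadata fetched over a trusted, authenticated channel, not
# from the same unauthenticated download it protects.  Computed here from the
# constructed sample so the example runs offline.
PINNED_DIGEST = hashlib.sha256(GENUINE_RPM).hexdigest()


def verify_package(data: bytes, pinned_digest: str) -> bool:
    """Integrity check on a downloaded package against a pinned SHA-256."""
    actual = hashlib.sha256(data).hexdigest()
    # Constant-time compare avoids leaking how many leading bytes matched.
    return hmac.compare_digest(actual, pinned_digest)


def run_scenario() -> dict:
    """Client on 192.0.2.5 fetches a package from mirror 203.0.113.10:80."""
    fw = StatefulFirewall("192.0.2.5")
    fw.outbound(Packet("192.0.2.5", 40001, "203.0.113.10", 80))

    # 1. Unrelated host tries to push a packet at the client: not tracked -> NEW -> DROP.
    unrelated = fw.inbound(Packet("198.51.100.7", 4444, "192.0.2.5", 40001))

    # 2. Genuine reply from the mirror on the tracked connection -> ESTABLISHED -> ACCEPT.
    genuine_pkt = Packet("203.0.113.10", 80, "192.0.2.5", 40001, GENUINE_RPM)
    genuine = fw.inbound(genuine_pkt)

    # 3. A reply forged to carry the mirror's address and the tracked ports is
    #    indistinguishable at the firewall: also ACCEPT.  Only the content check
    #    below tells the two apart.
    spoofed_pkt = Packet("203.0.113.10", 80, "192.0.2.5", 40001, TAMPERED_RPM)
    spoofed = fw.inbound(spoofed_pkt)

    return {
        "unrelated": unrelated,
        "genuine": genuine,
        "spoofed": spoofed,
        "genuine_verified": verify_package(genuine_pkt.payload, PINNED_DIGEST),
        "spoofed_verified": verify_package(spoofed_pkt.payload, PINNED_DIGEST),
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The takeaway matches Stan's intuition only halfway: SPI does reject a stray packet from an unrelated host, but it judges packets by addressing, not by content, so a forged response on the tracked connection passes. Checking the downloaded package against a digest or signature that was obtained independently of the download is what closes that gap, and it is also the only one of the three weak points' mitigations that helps against a compromised repository, provided the signing key is not stored on the repository itself.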