Re: How secure is Preupgrade?

Rahul Sundaram wrote:
> Preupgrade is essentially a wrapper around yum.

OK

> Yum has gpg signature support

Yes. Otherwise I'd be very very worried, with all the updating that's going on 
in Fedora.

> and it does check the keys used while building the packages when 
> it is installing them by default just like it does on any regular
> installations or upgrades of packages.

I'm not sure what you mean here. I think you mean that Yum checks the packages 
when it has downloaded them, so that when Preupgrade wants to reboot, all the 
packages are known to be good. Is that right? (The "when it is installing 
them" part seems to indicate, to the contrary, that the checking happens 
during the upgrade, after the reboot.)

That still leaves the files in /boot/upgrade, which contain executable code 
but which are not RPM packages. Did they come out of an RPM package whose 
signature was checked? Were they checked against some detached PGP signatures 
that I haven't found? Were they downloaded with HTTPS from a trusted server? 
(Some random dude's mirror isn't necessarily trusted.) Or have they not been 
checked at all? Signatures on all the packages don't help much if the kernel 
itself is a Trojan horse, you know.

> Anaconda merely is picking up the 
> updates from your local hard disk after preupgrade in combination with
> yum has downloaded them.

That's fine, if Yum has checked the files, but I'm told that Anaconda can also 
download additional files on its own. Preupgrade told me "Not enough space 
in /boot/upgrade to cache stage2.img. It will be downloaded once the 
installer starts." Furthermore, someone wrote here in fedora-list that some 
packages had been missing after the reboot into the installer system, despite 
Preupgrade, and that those had been downloaded automatically during the 
upgrade. These files must of course also be checked. Will stage2.img be 
checked against some signature that is present in initrd.img? And does the 
RPM in the installer system have the necessary keys to check the signatures 
when Anaconda decides to download additional packages?

Björn Persson

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
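The post asks how one would know whether the files in /boot/upgrade (and anything Anaconda fetches later, such as stage2.img) came through a signature check. The script below is an added example, not code from the original post nor from preupgrade, yum or anaconda. It assumes that rpm and gpg are installed, that the installer files live under /boot/upgrade, that a detached signature, if one exists, is named "<file>.sig", and that the caller supplies a keyring holding only the distribution's release key; the .sig naming and the keyring path are hypothetical placeholders. The sample `rpm -K` output lines in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not preupgrade's, yum's or anaconda's code): checks a
# cautious admin could run against the files the post asks about.
# ASSUMPTIONS: rpm and gpg are installed; installer files live under
# /boot/upgrade; the "<file>.sig" name and the keyring path passed by the
# caller are hypothetical placeholders.

# Interpret one line of `rpm -K` (rpm --checksig) output, e.g. (constructed):
#   example.rpm: (sha1) dsa sha1 md5 gpg OK
#   example.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#4ebfc273)
# Pitfall: an UNSIGNED package still prints "example.rpm: sha1 md5 OK", so
# "OK" alone is not proof that a signature was checked.  Succeed only when
# a gpg/pgp signature is listed AND the verdict is OK.
sig_line_ok() {
    line=$1
    while [ "${line% }" != "$line" ]; do line=${line% }; done   # trim trailing spaces
    case "$line" in
        *"NOT OK"*|*"MISSING KEYS"*|*NOKEY*) return 1 ;;
    esac
    case "$line" in
        *" OK") ;;
        *) return 1 ;;
    esac
    case "$line" in
        *[gG][pP][gG]*|*[pP][gG][pP]*) return 0 ;;
    esac
    return 1
}

# Does an installed package own this file, and is the file unchanged from
# what the package shipped?  A file that `rpm -qf` cannot attribute to any
# package never went through rpm's signature check on its way in.
owned_and_unmodified() {
    f=$1
    pkg=$(rpm -qf "$f" 2>/dev/null) || return 1
    # rpm -V prints one line per file that differs; --nomtime ignores timestamps
    [ -z "$(rpm -V --nomtime "$pkg" | awk -v f="$f" '$NF == f')" ]
}

# Verify a detached PGP signature with a keyring that contains ONLY the
# distribution's release key, so a signature made by an arbitrary mirror
# operator's key cannot pass.  (Keyring and .sig name are hypothetical.)
verify_detached() {
    keyring=$1; file=$2; sig=${3:-$2.sig}
    [ -r "$sig" ] || { echo "no detached signature for $file" >&2; return 1; }
    gpg --no-default-keyring --keyring "$keyring" --verify "$sig" "$file"
}

# Does yum's configuration make it refuse unsigned packages?
yum_gpgcheck_enabled() {
    grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1' "${1:-/etc/yum.conf}"
}

# Walk a directory of installer files and report which ones are covered by
# at least one of the two checks above.  Anything that is neither from a
# checked RPM nor carries a verifiable signature is reported as FAIL.
check_dir() {
    dir=${1:-/boot/upgrade}; keyring=$2; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if owned_and_unmodified "$f"; then
            echo "OK   $f (owned by $(rpm -qf "$f"), unmodified)"
        elif [ -n "$keyring" ] && verify_detached "$keyring" "$f" 2>/dev/null; then
            echo "OK   $f (detached signature verifies)"
        else
            echo "FAIL $f (not from a checked RPM, no verifiable signature)"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check-upgrade-files.sh --check /boot/upgrade /path/to/release-keyring.gpg
if [ "${1:-}" = "--check" ]; then
    check_dir "${2:-/boot/upgrade}" "${3:-}"
fi
```

Note that these checks only answer the question for files already on disk; they say nothing about what the installer fetches after the reboot, which is the second half of the post's question, and they also do not cover the transport (HTTPS versus a mirror), which is a separate concern.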
