Re: How secure is Preupgrade? Answer: Not.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

stan wrote:

Beartooth Sciurivore wrote:

On Wed, 21 May 2008 00:27:17 +0200, Björn Persson wrote:


I want to thank Bjorn for doing the research on this.

I went ahead and read the code. [....]

I've got my answer: Preupgrade is not secure. I'll continue upgrading
the way I've done it before – either with Yum or from a DVD image on a
USB stick.
Dumb question, probably : if you install and run preupgrade according to http://fedoraproject.org/wiki/PreUpgrade, BUT let it stop after downloading boot images, is there some user-friendly thing you can do then to make it secure? Something on the order of getting into a directory and commanding, in effect, "check all signatures"? 

    Or had we just better wait till PreUpgrade 1.0 comes out? Or ...?
If the latter, do we need to get rid of whatever-all 0.9.3-3 downloaded? Or will we be able to just "yum update PreUpgrade" in F8 and then run it again?
If you wanted to, you could verify the files yourself before they are installed as you mentioned above. Preupgrade puts them in a folder /var/cache/yum/anaconda-upgrade/packages. When it has finished downloading it requires rebooting before it will start install. So you could run rpm on the files to validate that they have proper md5 sums at that time. I think it would be rpm --checksig *.rpm while in the directory.
I thought there might be something that could be done here but I did not know what. Thanks for chiming in on this.
Because of Bjorn's research, I ran rpm -qa -V on my preupgraded Fedora 9 to see if the md5 sums for installed packages are valid. There were some packages with failed sums, but they were mostly configuration files that didn't get updated and other non critical things. 

Somewhat reassuring. I am doing the same right now.
If anaconda uses rpm to do the upgrade, there is a blurb in the man file stating that rpm automatically does the md5 check on install. I think these are signed with a Fedora specific key, so they would fail if they weren't official or were tampered with. 
Good to know. Makes me feel slightly better.
I'm not a security expert, so these might not answer the security problem. Definitely should be a check in preupgrade itself. 


Yes there should be. Thanks again.
BTW everyone I am not interested in finger pointing, what is done is done but could this not have been handled better? 


Max



--
On the eighth day he said "There shall be no rest for the weary."

On the ninth day he farted, and it smelled like sulphur.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux