lördagen den 2 augusti 2008 skrev Richard England: > Björn Persson wrote: > > Richard England wrote: > >> Dave Feustel wrote: > >>> What is involved in upgrading from one version of Fedora to the next? > >>> (eg from Fedora 9 to Fedora 10 when F-10 becomes available) > >> > >> You might look into preupgrade > > > > But you should be aware that Preupgrade is a possible attack vector if > > someone is trying to sneak malware into your computer. It doesn't check > > the files it downloads for tampering. > > > > Yum checks all the packages it installs, and for CD images there are > > signed checksums so that you can verify them manually. > > > > Björn Persson > > I was under the impression that RPM was still used by Anaconda and the > MD5 was still checked by RPM at installation time. 1: It's the PGP signature that needs to be checked, not the MD5 sum. RPM can check PGP signatures but Anaconda doesn't tell RPM to do that. 2: Installation time is too late in the case of Preupgrade. The installer needs to be checked before it is booted. After the reboot you have a possibly malicious RPM running on a possibly malicious Linux, and if signatures were to be checked in that stage it would be a possibly malicious GPG checking signatures against a possibly false PGP key. > Does anyone that can speak to it know what security changes are planned > / will be in place for F10? There are two enhancement tickets but no target dates: https://fedorahosted.org/preupgrade/ticket/7 "gpg check downloaded packages" "For safety's sake, we should gpgcheck the packages as we download them." That's one important step but it doesn't include the installer, which is the next ticket: https://fedorahosted.org/preupgrade/ticket/8 "Checksums and file sizes for boot images" "If anaconda .treeinfo included file size and checksums for initrd/vmlinuz/etc, we could provide more accurate download progress, resume interrupted downloads, and be sure we have the correct files." That's not enough. Checksums don't prevent tampering. The boot images need to be signed with PGP and Preupgrade needs to check those signatures. Björn Persson
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list