[PATCH] Install customization packages left for us by a USB key.
Michael Stone
michael at laptop.org
Tue Jul 1 11:36:20 EDT 2008
On Tue, Jul 01, 2008 at 08:05:46AM -0400, C. Scott Ananian wrote:
> > 3. Why do we care whether there's a devkey? We would actually be better
> > off checking that all the RPMs we're installing are owned by uid 0,
> > this being the exact privilege that we're attempting to safeguard.
>
> because we're also trying to enforce P_SF_RUN and a whole bunch of
> other random things; all of which everyone seems to agree can be
> subsumed under "you're a developer, you can shoot yourself in the foot
> if you want to".

And, as you will observe here

http://dev.laptop.org/git?p=security;a=blob;f=rainbow.txt;hb=HEAD#l101

in my opinion, the cheapest way to implement P_SF_CORE + P_SF_RUN is by
turning the root password into a developer key, then by applying a CoW
layer such as we recently discussed.

> The loosey-goosey "but this is highly likely to break when you upgrade
> between major releases" objection, for instance, is answered by the
> foot-shooting permission.

It's also answered by the fact that RPM checks dependencies, no?

Michael