Installing RPMS via Customization Key

Michael Stone michael at laptop.org
Fri Mar 7 02:23:41 EST 2008


Friends,

It's completely unsafe to use the new USB customization keys to execute
software located on-key or on-NAND because any opportunity for arbitrary code
execution as uid 0 represents a serious threat to our first-boot activation
security.

Since we appear to want to be able to customize images with new RPMS, this
leaves us in a somewhat sticky situation. The following patch represents one
approach to resolving the difficulty - that of postponing the running of any
commands until after the activation initramfs yields control to late userland.

Let me know what you think, both of the patch and of the approach,

Michael




More information about the Devel mailing list