rpm installation via customization stick

Sridhar Dhanapalan sridhar at laptop.org.au
Tue May 10 06:14:35 EDT 2011


On 05/05/2011 9:58 AM, "Chris Ball" <cjb at laptop.org> wrote:
> There's interest, but it's more complicated than you think.  As I
> understand it, customization sticks can be signed and run in secure mode
> because they perform no side-effects outside of /home.  However, an RPM
> can have a %post section which lists commands to be run *as root* during
> the installation.
>
> So, offering the ability to install RPMs via signed customization stick
> is equivalent to letting anyone run any series of commands as root.
>
> There may be ways to mitigate this risk, such as refusing to run any
> %post scripts (some of which are necessary for proper function of
> packages).  Working out what the safe set of actions a hostile RPM
> can perform on a system is a research project, as far as I know.

Can we make it so that it only installs signed RPMs? Would that help?

Sridhar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20110510/8b6ed264/attachment.html>


More information about the Devel mailing list