[Server-devel] rpm installation via customization stick

Chris Ball cjb at laptop.org
Wed May 4 20:00:31 EDT 2011


Hi Jerry,

On Wed, May 04 2011, Jerry Vonau wrote:
> Is there any interest in the ability to install rpms with a
> customization stick? I have a POC patch that does that with just a
> small patch to dracut's 30olpc-customization routine.

There's interest, but it's more complicated than you think.  As I
understand it, customization sticks can be signed and run in secure mode
because they perform no side-effects outside of /home.  However, an RPM
can have a %post section which lists commands to be run *as root* during
the installation.

So, offering the ability to install RPMs via signed customization stick
is equivalent to letting anyone run any series of commands as root.

There may be ways to mitigate this risk, such as refusing to run any
%post scripts (some of which are necessary for proper function of
packages).  Working out what the safe set of actions a hostile RPM
can perform on a system is a research project, as far as I know.

Thanks,

- Chris.
-- 
Chris Ball   <cjb at laptop.org>   <http://printf.net/>
One Laptop Per Child
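The scriptlet problem Chris describes can at least be detected before an install is attempted. The script below is an added example, not code from OLPC or from dracut's 30olpc-customization hook: it refuses a package if `rpm -qp --scripts` reports any scriptlet (each one prints a header such as "postinstall scriptlet (using /bin/sh):", which is the format the parser assumes) and, separately, if `rpm -qpl` lists any file outside /home, the boundary a customization stick is supposed to stay within. The sample listings embedded in it are constructed so the checks run without a real package or the rpm binary.

```sh
#!/bin/sh
# Added example, not code from OLPC or the dracut customization hook.
# Gate an RPM on two properties a signed customization stick relies on:
# (1) it carries no scriptlets (%pre/%post/%preun/%postun/%pretrans/
#     %posttrans/triggers), which rpm would run as root, and
# (2) its payload stays under /home, so the install has no side-effects
#     elsewhere on the system.
# Assumes the header format `rpm -qp --scripts` prints for each scriptlet,
# e.g. "postinstall scriptlet (using /bin/sh):".

# scriptlet_kinds: stdin is `rpm -qp --scripts PKG` output; prints the kind
# of every scriptlet found (preinstall, postinstall, triggerin, ...), one
# per line, and nothing when the package has no scriptlets.
scriptlet_kinds() {
    awk '/^[a-z]+ scriptlet \(using / { print $1 }'
}

# has_scriptlets: exit 0 if the listing on stdin contains any scriptlet.
has_scriptlets() {
    [ -n "$(scriptlet_kinds)" ]
}

# files_outside_home: stdin is `rpm -qpl PKG` output (one path per line);
# prints every path that is not under /home/.
files_outside_home() {
    grep -v '^/home/' || true
}

# check_rpm_file: apply both checks to a real .rpm (needs the rpm binary).
# Returns 1 and says why when the package must be refused.
check_rpm_file() {
    pkg=$1
    kinds=$(rpm -qp --scripts "$pkg" | scriptlet_kinds | sort -u | tr '\n' ' ')
    stray=$(rpm -qpl "$pkg" | files_outside_home | head -n 5 | tr '\n' ' ')
    rc=0
    if [ -n "$kinds" ]; then
        echo "REFUSE $pkg: scriptlets would run as root: $kinds"
        rc=1
    fi
    if [ -n "$stray" ]; then
        echo "REFUSE $pkg: payload outside /home: $stray"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $pkg: no scriptlets, payload under /home"
    fi
    return "$rc"
}

# Constructed sample listings (not taken from a real package) so the checks
# can be exercised without rpm installed.
SAMPLE_SCRIPTS='pretrans scriptlet (using <lua>):
print("pretrans runs before any file is unpacked")
preinstall scriptlet (using /bin/sh):
getent group foo >/dev/null || groupadd -r foo
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
postuninstall scriptlet (using /bin/sh):
/sbin/ldconfig'
SAMPLE_FILES='/home/olpc/Activities/Foo.activity/activity.py
/etc/cron.d/foo
/usr/bin/foo'

if [ "${1:-}" = "--demo" ]; then
    # Show what each parser extracts from the constructed samples.
    printf '%s\n' "$SAMPLE_SCRIPTS" | scriptlet_kinds
    printf '%s\n' "$SAMPLE_FILES" | files_outside_home
elif [ -n "${1:-}" ]; then
    check_rpm_file "$1"
fi
```

Run it as `sh check_rpm.sh --demo` to see the parsers work on the samples, or `sh check_rpm.sh foo.rpm` to gate a real package. Note the limits, which are exactly the ones Chris raises: refusing every scriptlet also rejects legitimate packages whose %post runs nothing more than /sbin/ldconfig, and a package that passes both checks is still not proven harmless, since the payload itself carries file owners and modes (setuid bits included) and dotfiles under /home that the user's own session will execute.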

