[Server-devel] rpm installation via customization stick

Jerry Vonau jvonau at shaw.ca
Wed May 4 20:12:57 EDT 2011


On Wed, 2011-05-04 at 20:00 -0400, Chris Ball wrote:
> Hi Jerry,
> 
> On Wed, May 04 2011, Jerry Vonau wrote:
> > This there any interest in the ability to install rpms with a
> > customization stick? I have a POC patch that does that with just a
> > small patch to dracut's 30olpc-customization routine.
> 
> There's interest, but it's more complicated than you think.  As I
> understand it, customization sticks can be signed and run in secure mode
> because they perform no side-effects outside of /home.  However, an RPM
> can have a %post section which lists commands to be run *as root* during
> the installation.
> 
> So, offering the ability to install RPMs via signed customization stick
> is equivalent to letting anyone run any series of commands as root.

How is different from using "sudo rpm/yum"? You still have to have trust
in the rpms.

> There may be ways to mitigate this risk, such as refusing to run any
> %post scripts (some of which are necessary for proper function of
> packages).  Working out what the safe set of actions a hostile RPM
> can perform on a system is a research project, as far as I know.
> 

I'd say just let the deployments sign their own kernel and initrd.img,
OLPC doesn't have to offer the stick for public use. 

Jerry   




More information about the Server-devel mailing list