[Server-devel] rpm installation via customization stick

Reuben K. Caron reuben at laptop.org
Tue May 10 09:09:49 EDT 2011


On May 10, 2011, at 6:14 AM, Sridhar Dhanapalan wrote:

> On 05/05/2011 9:58 AM, "Chris Ball" <cjb at laptop.org> wrote:
> > There's interest, but it's more complicated than you think.  As I
> > understand it, customization sticks can be signed and run in  
> secure mode
> > because they perform no side-effects outside of /home.  However,  
> an RPM
> > can have a %post section which lists commands to be run *as root*  
> during
> > the installation.
> >
> > So, offering the ability to install RPMs via signed customization  
> stick
> > is equivalent to letting anyone run any series of commands as root.
> >
> > There may be ways to mitigate this risk, such as refusing to run any
> > %post scripts (some of which are necessary for proper function of
> > packages).  Working out what the safe set of actions a hostile RPM
> > can perform on a system is a research project, as far as I know.
>
> Can we make it so that it only installs signed RPMs? Would that help?
>
I signed manifest which includes a list of files would probably be  
more feasible as you wouldn't have to alter the RPMs.

Reuben

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/server-devel/attachments/20110510/c412a0e7/attachment.htm 


More information about the Server-devel mailing list