[Server-devel] rpm installation via customization stick
Reuben K. Caron
reuben at laptop.org
Tue May 10 09:09:49 EDT 2011
On May 10, 2011, at 6:14 AM, Sridhar Dhanapalan wrote:
> On 05/05/2011 9:58 AM, "Chris Ball" <cjb at laptop.org> wrote:
> > There's interest, but it's more complicated than you think. As I
> > understand it, customization sticks can be signed and run in secure mode
> > because they perform no side-effects outside of /home. However, an RPM
> > can have a %post section which lists commands to be run *as root* during
> > the installation.
> >
> > So, offering the ability to install RPMs via signed customization stick
> > is equivalent to letting anyone run any series of commands as root.
> >
> > There may be ways to mitigate this risk, such as refusing to run any
> > %post scripts (some of which are necessary for proper function of
> > packages). Working out what the safe set of actions a hostile RPM
> > can perform on a system is a research project, as far as I know.
>
> Can we make it so that it only installs signed RPMs? Would that help?
>
A signed manifest which includes a list of files would probably be
more feasible as you wouldn't have to alter the RPMs.
Reuben
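As an added illustration of the two constraints raised in this thread (a signed list of files, and no side effects outside /home), here is a small manifest checker. It is example code written for this archive page, not OLPC's customization-stick code. It assumes a manifest of one "sha256hex  path" line per file, an HMAC-SHA256 over the manifest bytes as a stand-in for a real public-key signature, and the stick's contents passed in as a path-to-bytes mapping so it runs offline; the file names and key are constructed sample data.

```python
"""Signed-manifest check for a customization stick (added example, not OLPC code).

Assumptions: manifest lines are "sha256hex  path"; the signature is an
HMAC-SHA256 over the manifest text keyed with a secret the school server
holds (a stand-in for a real signature scheme); the stick's files are
supplied as a {path: bytes} mapping so the example needs no disk access.
"""
import hashlib
import hmac
import posixpath

# The invariant from the thread: a stick may only touch files under /home.
ALLOWED_PREFIX = "/home/"


def build_manifest(files):
    """Render one 'sha256hex  path' line per file, sorted by path."""
    lines = []
    for path in sorted(files):
        digest = hashlib.sha256(files[path]).hexdigest()
        lines.append(f"{digest}  {path}")
    return "\n".join(lines) + "\n"


def sign_manifest(key, manifest):
    """HMAC-SHA256 over the manifest text (stand-in for a detached signature)."""
    return hmac.new(key, manifest.encode(), hashlib.sha256).hexdigest()


def check_stick(key, manifest, signature, files):
    """Return a list of reasons to refuse the stick; an empty list means accept."""
    problems = []
    # Verify the signature first; nothing in an unsigned manifest is trusted.
    if not hmac.compare_digest(sign_manifest(key, manifest), signature):
        return ["manifest signature does not verify"]
    listed = set()
    for lineno, line in enumerate(manifest.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("  ", 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            problems.append(f"line {lineno}: malformed entry")
            continue
        digest, path = parts
        listed.add(path)
        # Require an already-canonical absolute path under /home so that
        # "/home/x/../../etc/passwd" or "/etc/cron.d/job" cannot slip through.
        if path != posixpath.normpath(path) or not path.startswith(ALLOWED_PREFIX):
            problems.append(f"{path}: outside {ALLOWED_PREFIX}")
            continue
        if path not in files:
            problems.append(f"{path}: listed but missing from stick")
            continue
        if not hmac.compare_digest(hashlib.sha256(files[path]).hexdigest(), digest):
            problems.append(f"{path}: content hash mismatch")
    # Anything on the stick that the signed manifest does not list is refused.
    for path in sorted(set(files) - listed):
        problems.append(f"{path}: on stick but not in manifest")
    return problems


# Constructed sample stick contents (not real OLPC files).
SAMPLE_KEY = b"constructed-school-server-key"
SAMPLE_FILES = {
    "/home/olpc/Activities/Sample.activity/activity.info": b"[Activity]\nname = Sample\n",
    "/home/olpc/.sugar/default/config": b"[Date]\n",
}


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES)
    signature = sign_manifest(SAMPLE_KEY, manifest)
    print("clean stick:", check_stick(SAMPLE_KEY, manifest, signature, SAMPLE_FILES))
    tampered = dict(SAMPLE_FILES)
    tampered["/home/olpc/.sugar/default/config"] = b"[Date]\nchanged\n"
    print("tampered stick:", check_stick(SAMPLE_KEY, manifest, signature, tampered))
```

The check refuses on four independent grounds: a bad signature, a path that is not a canonical absolute path under /home, a listed file whose hash does not match, and a file present on the stick that the manifest never listed. Keeping the path rule separate from the hash rule is what lets the manifest approach stay within the side-effect boundary that makes signed sticks acceptable in secure mode.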