[Server-devel] rpm installation via customization stick

Chris Ball cjb at laptop.org
Tue May 10 15:29:10 EDT 2011


Hi,

On Tue, May 10 2011, Sridhar Dhanapalan wrote:
> However, I was thinking along more simplistic lines. We could have
> it so that one can only install RPMs signed with a signature[0]
> that is present in the RPM database. This would allow users to add
> their own RPMs, but prevent 'unofficial' ones from being installed.

I think it's still more complicated than that.

There could be a Fedora-signed RPM -- perhaps a sysadmin tool of some
kind -- that opens up root access to users in some way or another.
(And of course there are many Fedora-signed RPMs that develop known
security vulnerabilities at some point in their lives.)

I don't know if such a signed RPM exists, but my point is that we're
moving the semantics of a customization key from "it's safe to
secure-boot a customization key on a locked machine" to "this greatly
increases the risk vector of secure-booting customization keys".

Anyway, I'm not saying that you shouldn't do it yourselves.  But OLPC
would have to be careful before signing a key with your patch included
if there are any locked deployments that use OLPC's keychain, which
means we should use the same care when deciding whether to merge the
patch.  Martin and dsd would be better at speaking to how big a worry
this is for deployments in real-world terms.

Thanks,

- Chris.
-- 
Chris Ball   <cjb at laptop.org>   <http://printf.net/>
One Laptop Per Child
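The gate Sridhar describes in the quoted text, "only install RPMs signed with a key that is present in the RPM database", is easy to express as a check on rpm's own output: the key IDs that `rpm -q gpg-pubkey` reports as imported form the allowlist, and `rpm -K -v <file>.rpm` reports which key signed a package and whether the signature verified. The following is an added example of that check, written for this page and not code from OLPC or the thread; the rpm output it parses is constructed (package names, key IDs and elided digests are made up), and the `check_live` helper that shells out to the real `rpm` binary is not exercised offline. Note that it implements exactly the policy Chris is objecting to: a package signed by any imported key is accepted no matter what its payload or scriptlets do, so it says nothing about whether the package itself is safe to install on a locked machine.

```python
"""
Allowlist check for RPM installation: accept a package only if its GPG
signature verifies against a key already imported into the RPM database.
Added example for the policy discussed in the thread, not OLPC code; the
sample rpm outputs below are constructed and real key IDs would differ.
"""
import re
import subprocess
from typing import List, Set, Tuple

# Constructed sample of `rpm -q gpg-pubkey` on a machine with two imported
# signing keys. Each entry is gpg-pubkey-<8-hex key id>-<hex timestamp>.
INSTALLED_PUBKEYS = """\
gpg-pubkey-97a1071f-4c8fa1d4
gpg-pubkey-069c8460-4b3c66d5
"""

# Constructed samples of `rpm -K -v <file>.rpm` output (digests elided).
CHECKSIG_SIGNED_TRUSTED = """\
fedora-tool-1.0-1.fc14.noarch.rpm:
    Header V3 RSA/SHA256 Signature, key ID 97a1071f: OK
    Header SHA1 digest: OK (...)
    V3 RSA/SHA256 Signature, key ID 97a1071f: OK
    MD5 digest: OK (...)
"""
CHECKSIG_SIGNED_UNKNOWN_KEY = """\
thirdparty-2.3-1.noarch.rpm:
    Header V3 RSA/SHA256 Signature, key ID deadbeef: NOKEY
    Header SHA1 digest: OK (...)
    V3 RSA/SHA256 Signature, key ID deadbeef: NOKEY
    MD5 digest: OK (...)
"""
CHECKSIG_UNSIGNED = """\
homebrew-0.1-1.noarch.rpm:
    Header SHA1 digest: OK (...)
    MD5 digest: OK (...)
"""

# One line per imported key as printed by `rpm -q gpg-pubkey`.
PUBKEY_RE = re.compile(r"^gpg-pubkey-([0-9a-f]{8})-[0-9a-f]+$", re.MULTILINE)
# Signature lines from `rpm -K -v`; digest-only lines deliberately do not match.
SIG_RE = re.compile(
    r"^\s*(?:Header )?V\d+ \S+ Signature, key ID ([0-9a-f]+): (\w+)\s*$",
    re.MULTILINE,
)


def imported_key_ids(rpm_q_output: str) -> Set[str]:
    """Key IDs of every public key imported into the RPM database."""
    return {m.group(1).lower() for m in PUBKEY_RE.finditer(rpm_q_output)}


def signatures(checksig_output: str) -> List[Tuple[str, str]]:
    """(key id, status) for each signature line in `rpm -K -v` output."""
    return [(m.group(1).lower(), m.group(2)) for m in SIG_RE.finditer(checksig_output)]


def decide(checksig_output: str, trusted: Set[str]) -> Tuple[bool, str]:
    """Return (allowed, reason). Fails closed on unsigned, BAD/NOKEY or unknown-key packages."""
    sigs = signatures(checksig_output)
    if not sigs:
        return False, "refused: package carries no GPG signature"
    for key_id, status in sigs:
        if status != "OK":
            return False, f"refused: signature by key {key_id} reported {status}"
        if key_id not in trusted:
            return False, f"refused: key {key_id} is not imported in the RPM database"
    return True, "allowed: signed by " + ", ".join(sorted({k for k, _ in sigs}))


def check_live(rpm_path: str) -> Tuple[bool, str]:
    """Same policy against the real rpm binary; if no key is imported, everything is refused."""
    keys_out = subprocess.run(["rpm", "-q", "gpg-pubkey"], capture_output=True, text=True).stdout
    sig_out = subprocess.run(["rpm", "-K", "-v", rpm_path], capture_output=True, text=True).stdout
    return decide(sig_out, imported_key_ids(keys_out))


if __name__ == "__main__":
    trusted = imported_key_ids(INSTALLED_PUBKEYS)
    for sample in (CHECKSIG_SIGNED_TRUSTED, CHECKSIG_SIGNED_UNKNOWN_KEY, CHECKSIG_UNSIGNED):
        print(sample.splitlines()[0], decide(sample, trusted)[1])
```

Because rpm only reports OK for keys it already has in its database, an OK status on its own already implies the key is imported; the explicit allowlist matters when a deployment wants to trust a narrower set than every imported key, for example OLPC's key but not Fedora's, which is the distinction Chris's reply is getting at.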

