Re: How secure is Preupgrade? Answer: Not.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I went ahead and read the code. I found out that the kernel and ramdisk images 
in /boot/upgrade are *not* extracted from any PGP-signed package. They are 
downloaded one by one, apparently from one of the mirrors 
in "installmirrorlist".

I also found these comments:

        # FIXME - check the packages? Durrrrrrrrrrrr

# TODO: gpgcheck downloaded pkgs

                # File exists and it's the right size.. guess it's probably OK
                # We should be doing some integrity checks but we don't have
                # anything to check it against - la la la la

The last one talks about the kernel and ramdisk images.

So no check is performed on the installer kernel before it's booted, no check 
is performed on the installer's root filesystem before the programs therein 
are executed, and the packages aren't checked either – at least not while the 
trusted, already installed OS still has control.

I've got my answer: Preupgrade is not secure. I'll continue upgrading the way 
I've done it before – either with Yum or from a DVD image on a USB stick.

Rahul Sundaram wrote:
> gpg check is during the installation/upgrade phase.

That would be OK if the installer itself were checked before it's booted, but 
since the installer is completely unchecked it can't be trusted to check 
anything.

> > That still leaves the files in /boot/upgrade, which contain executable
> > code but which are not RPM packages. Did they come out of an RPM package
> > whose signature was checked?
>
> They are.

As I wrote above, that turns out not to be the case.

> Yes but more questions about internal details on how it all works can be
> either posted to fedora-devel list or anaconda-devel list. There might
> be things folks have missed in the process.

The comments in the code show that the authors already know they "missed" all 
the signature checking.

Björn Persson

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux