Re: How secure is Preupgrade? Answer: Not.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Björn Persson wrote:
I went ahead and read the code. I found out that the kernel and ramdisk images in /boot/upgrade are *not* extracted from any PGP-signed package. They are downloaded one by one, apparently from one of the mirrors in "installmirrorlist".

I also found these comments:

        # FIXME - check the packages? Durrrrrrrrrrrr

# TODO: gpgcheck downloaded pkgs

                # File exists and it's the right size.. guess it's probably OK
                # We should be doing some integrity checks but we don't have
                # anything to check it against - la la la la

The last one talks about the kernel and ramdisk images.

So no check is performed on the installer kernel before it's booted, no check is performed on the installer's root filesystem before the programs therein are executed, and the packages aren't checked either – at least not while the trusted, already installed OS still has control.

I've got my answer: Preupgrade is not secure. I'll continue upgrading the way I've done it before – either with Yum or from a DVD image on a USB stick.

Rahul Sundaram wrote:
gpg check is during the installation/upgrade phase.

That would be OK if the installer itself were checked before it's booted, but since the installer is completely unchecked it can't be trusted to check anything.

That still leaves the files in /boot/upgrade, which contain executable
code but which are not RPM packages. Did they come out of an RPM package
whose signature was checked?
They are.

As I wrote above, that turns out not to be the case.

Yes but more questions about internal details on how it all works can be
either posted to fedora-devel list or anaconda-devel list. There might
be things folks have missed in the process.

The comments in the code show that the authors already know they "missed" all the signature checking.

Björn Persson

Well considering that i just did an upgrade to my x86_64 using preupgrade this is bad news indeed but at least you though to ask the question. Thanks!! We should avoid taking things for granted especially when we the resources to verify are available. AHHHH the sweet smell of open source. I am willing to be a guinea pig if one is needed because: 1. a useful tool is hard to find 2. it worked well for me (I haven't noticed any glitches that everyone else isn't having) 3. We should at no time sacrifice our security in the name of getting it done on time

However I am starting to get steamed so I will let this go right here besides which i have to blow away a completely usable install now. Boy, am i glad i used the preupgrade tool. Someone please tell me its April 1 , tell me Bjorn is wrong or i am dyslexic....

--
On the eighth day he said "There shall be no rest for the weary."

On the ninth day he farted, and it smelled like sulphur.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux