Re: [Fwd: Re: How secure is Preupgrade? Answer: Not.]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Björn Persson wrote:
Will Woods wrote:
Preupgrade is currently designed to be exactly as secure as an anaconda
http install. No less, no more.

But it's not being marketed as an alternative to an Anaconda HTTP install with less downtime as the only improvement. It's being marketed as a safer alternative to a live upgrade with Yum, and as a faster, more convenient and less bandwidth-wasting alternative to downloading and burning DVD images. See this article for example:

http://www.redhatmagazine.com/2008/04/15/interview-fedora-developers-seth-vidal-and-will-woods/

The article talks a lot about how Preupgrade is better than both a Yum upgrade and a DVD-based upgrade, but says very little about network-based Anaconda upgrades, and it's completely silent about the security aspect. Here's a quote from the article:

"So you can upgrade with the convenience and bandwidth savings of a live upgrade, but without the risky craziness inherent therein."

Yeah, it avoids the risky craziness inherent in a Yum upgrade but adds instead the crazy riskiness inherent in an HTTP-based Anaconda upgrade. That's no improvement in my book. No matter what the risks with a Yum upgrade are, getting intruders in my computer is worse.

Nothing's *missing*. There just aren't any signatures to check for the
boot images, and there never have been.

For several years now, all my boot images have been included in ISO images. Those ISO images have been accompanied by checksum files, and those checksum files have been cryptographically signed. I always verify the signature and the checksums, and when they're verified correctly I know that all the files in the ISO image are clean, including the boot images.

Generating detached signatures for the boot images and putting them in the directory where the images are published would take at most five minutes of manual work for each release.

Furthermore anaconda doesn't check the gpg signatures of packages it
downloads and installs during http installs. Never has. That's bug #998.
(Yes, #998. Not a typo. See https://bugzilla.redhat.com/998)

Would you like to guess why I never do network-based installs except from my own server directly attached with a crossover cable?

Björn Persson

First my thanks to Bjorn for taking the time to start this discussion. Then my piece, after which I will try like hell to leave this alone. I am glad at least that the "preupgrade is still in testing" argument was never brought up or the "your automatically a guinea pig if you get things from the testing repo". All that aside I for one feel that if the Fedora Community is going to continue to thrive and grow then security has to be dealt with openly. I have in the past tried to broach the security issue without much success. Everyone is afraid to talk about it, instead I have seen suggestions, from some, that these things shouldn't be discussed openly for fear that crackers will get ideas. Security by obscurity is not real security, its just purposely pulling the wool over your own eyes. If the time isn't taken to properly consider these things in the planning phase then what are the odds that it will ever be dealt with properly? Who will you blame when your box gets compromised? How many will look in the mirror first when the time comes? How many of us have the stones to that honest with ourselves? A while back I posted a link to an article that I found while going over Dan Walsh's live journal, it was titled : The Six Dumbest Ideas in Computer Security. The article is itself a few years old and most of the dumb ideas much older than that, frankly I am surprised by how many of these dumb ideas are still around , not necessarily among the Fedora Community specifically but out there where I work, amongst these small businesses that I do work for on occassion, most especially but not surprisingly amongst the home pc users, largely running M$ sure but even so I have seen this ignorance extend to system admins with many years of experience. People seem to just put their security in the hands of some software engineer they have never met and accept whatever half baked piece of crap gets marketed from week to week. I wonder what it says about a community that the issue cannot be raised without it degenerating in to some mindless flame war, that a positive and useful discussion cannot take place on the bleeding edge of software amongst a community that is supposed to be leading the way for FOSS. I've said my piece, torch me in effigy if you must, start lobbing the flame grenades at me if you need a target, blame me if you like for all the ills of the world, it ultimately won't change the fact that many of us shirk our responsibilty to Fedora and Redhat. I have an operating system, completely free, it costs me nothing. All i hear is whining about the video drivers, pulseaudio. "I am going to Ubuntu" because i can't get my palm pilot to work or my mp3 codec isn't included. There is always my personal favorite "I am turning SELinux off, its too hard, it sucks, my flash doesn't work". The Adobe flash is a gaping security hole in every computer across this planet and people line up to get screwed by it. We've been given a gift, a precious thing, the freedom to define our experience and instead of helping improve it all we do is complain that it doesn't measure up to our broken standard.

--
On the eighth day he said "There shall be no rest for the weary."

On the ninth day he farted, and it smelled like sulphur ;^)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux