On Fri, Dec 03, 2021 at 06:08:49PM +0000, Davide Cavalca via devel wrote: > Broadly speaking, fs-verity makes it possible to ensure that files that > were installed via an RPM have not been modified. It is useful in > environments where an attacker might be able to modify system files > (say, replace /bin/ls with a compromised version) and you want to > protect against that. For example, consider an appliance-like system > placed in an untrusted location where you may not be able to control > who has physical access (this could be a server, but it could also be a > kiosk in an internet point or a school). In this scenario, fs-verity > can be one of the building blocks to ensure and maintain system trust. I'm unclear about the threat model - this is an attacker who is someone able to overwrite single files (eg. /bin/ls) but cannot turn off the fs-verity system as a whole? Also if RPM can update /bin/ls then surely an attacker who can widely compromise system files must also be able to update /bin/ls in the same way? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests. http://libguestfs.org/virt-v2v _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
