On Fri, 3 Dec 2021 at 17:09, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > > On Fri, Dec 03, 2021 at 06:08:49PM +0000, Davide Cavalca via devel wrote: > > Broadly speaking, fs-verity makes it possible to ensure that files that > > were installed via an RPM have not been modified. It is useful in > > environments where an attacker might be able to modify system files > > (say, replace /bin/ls with a compromised version) and you want to > > protect against that. For example, consider an appliance-like system > > placed in an untrusted location where you may not be able to control > > who has physical access (this could be a server, but it could also be a > > kiosk in an internet point or a school). In this scenario, fs-verity > > can be one of the building blocks to ensure and maintain system trust. > > I'm unclear about the threat model - this is an attacker who is > someone able to overwrite single files (eg. /bin/ls) but cannot turn > off the fs-verity system as a whole? > > Also if RPM can update /bin/ls then surely an attacker who can widely > compromise system files must also be able to update /bin/ls in the > same way? > Or just pad /usr/bin/rpm with some null characters at the end to break its signature and also stop updates from happening. [Or the fs-verity daemon which will report that these problems are occuring. ] -- Stephen J Smoogen. Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
