suggestion: rescue boot extension

Jon Masters jonathan at jonmasters.org
Thu Jun 3 18:16:56 UTC 2010


On Thu, 2010-06-03 at 14:05 -0400, Matthew Miller wrote:
> On Wed, Jun 02, 2010 at 04:02:21PM -0400, Jon Masters wrote:
> > > Hm. I can see the use of this, but I can also see issues with how you
> > > do updates for it sanely (if at all.)
> > Yea. I think you don't do updates for it in general. I think I agree
> > with Seth that this is something Anaconda stuffs in place when it
> > installs grub. Optionally, maybe you upgrade it once per release when
> > you next run Anaconda, but basically it doesn't change. It's about "get
> > me booted to more than a command line to fix stuff", not latest glitz.
> 
> This needs to be stated very clearly in the 'rules' for the feature. The
> environment should be kept minimal and rescue-focused, to reduce the risk of
> security vulnerabilities in the rescue tools. (What if there's an exploit in
> wget or curl that can be used to execute arbitrary code when you think
> you're just downloading an RPM to fix an issue?)

Agreed. But it is the same problem as "what if there's an exploit in a
library Anaconda uses to download repos during install?". There would
still be a lot of media out there and I'm not sure we've ever respun the
main images post GA for that, unless I'm just very wrong. As long as
we're very clear, I think it's ok.

Jon.



