On Fri, Dec 03, 2021 at 06:08:49PM +0000, Davide Cavalca via devel wrote:
> Broadly speaking, fs-verity makes it possible to ensure that files that
> were installed via an RPM have not been modified. It is useful in
> environments where an attacker might be able to modify system files
> (say, replace /bin/ls with a compromised version) and you want to
> protect against that. For example, consider an appliance-like system
> placed in an untrusted location where you may not be able to control
> who has physical access (this could be a server, but it could also be a
> kiosk in an internet point or a school). In this scenario, fs-verity
> can be one of the building blocks to ensure and maintain system trust.

I'm unclear about the threat model - this is an attacker who is
someone able to overwrite single files (eg. /bin/ls) but cannot turn
off the fs-verity system as a whole?

Also if RPM can update /bin/ls then surely an attacker who can widely
compromise system files must also be able to update /bin/ls in the
same way?

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v