Upgrading to next version of Fedora
Richard England
rlengland at verizon.net
Sun Aug 3 05:18:28 UTC 2008
Björn Persson wrote:
> On Saturday, 2 August 2008, Richard England wrote:
>
>> Björn Persson wrote:
>>
>>> Richard England wrote:
>>>
>>>> Dave Feustel wrote:
>>>>
>>>>> What is involved in upgrading from one version of Fedora to the next?
>>>>> (e.g. from Fedora 9 to Fedora 10 when F-10 becomes available)
>>>>>
>>>> You might look into preupgrade
>>>>
>>> But you should be aware that Preupgrade is a possible attack vector if
>>> someone is trying to sneak malware into your computer. It doesn't check
>>> the files it downloads for tampering.
>>>
>>> Yum checks all the packages it installs, and for CD images there are
>>> signed checksums so that you can verify them manually.
>>>
>>> Björn Persson
>>>
>> I was under the impression that RPM was still used by Anaconda and the
>> MD5 was still checked by RPM at installation time.
>>
>
> 1: It's the PGP signature that needs to be checked, not the MD5 sum. RPM can
> check PGP signatures but Anaconda doesn't tell RPM to do that.
>
> 2: Installation time is too late in the case of Preupgrade. The installer
> needs to be checked before it is booted. After the reboot you have a possibly
> malicious RPM running on a possibly malicious Linux, and if signatures were
> to be checked in that stage it would be a possibly malicious GPG checking
> signatures against a possibly false PGP key.
>
>
>> Does anyone that can speak to it know what security changes are planned
>> / will be in place for F10?
>>
>
> There are two enhancement tickets but no target dates:
>
> https://fedorahosted.org/preupgrade/ticket/7
> "gpg check downloaded packages"
> "For safety's sake, we should gpgcheck the packages as we download them."
>
> That's one important step but it doesn't include the installer, which is the
> next ticket:
>
> https://fedorahosted.org/preupgrade/ticket/8
> "Checksums and file sizes for boot images"
> "If anaconda .treeinfo included file size and checksums for
> initrd/vmlinuz/etc, we could provide more accurate download progress, resume
> interrupted downloads, and be sure we have the correct files."
>
> That's not enough. Checksums don't prevent tampering. The boot images need to
> be signed with PGP and Preupgrade needs to check those signatures.
>
> Björn Persson
>
Thank you, Björn.
~~R
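Added illustration of the point Björn makes above (this is not code from the Preupgrade project or from anyone in the thread): a size and checksum listing in a .treeinfo-style manifest, as proposed in ticket 8, only protects against corrupted downloads, because whoever controls the mirror can swap a boot image and regenerate the manifest to match. A signature over the manifest made with a key the mirror does not hold is what catches the swap. PGP is replaced here by a keyed HMAC as a constructed stand-in; the file names, contents and the manifest format are all invented for the example, and the only property relied on is that a valid tag cannot be produced without the secret.

```python
"""
Constructed example: checksum-only verification versus a signed manifest.

Stand-in for PGP: an HMAC keyed with a secret that only the release side
holds. (With real PGP the verifier would use the public key instead; the
conclusion about the mirror is the same.)
"""
import hashlib
import hmac
import secrets

# Constructed sample "boot images" as a mirror would serve them.
ORIGINAL_IMAGES = {
    "images/pxeboot/vmlinuz": b"genuine kernel bytes",
    "images/pxeboot/initrd.img": b"genuine initrd bytes",
}

# Secret held only by the release engineers (stand-in for the PGP private key).
SIGNING_KEY = secrets.token_bytes(32)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(images: dict) -> str:
    """Build a .treeinfo-like manifest: one 'path size sha256' line per file."""
    lines = [f"{path} {len(data)} {sha256_hex(data)}"
             for path, data in sorted(images.items())]
    return "\n".join(lines) + "\n"


def sign_manifest(manifest: str, key: bytes) -> str:
    """Detached signature over the manifest text (HMAC stand-in for PGP)."""
    return hmac.new(key, manifest.encode(), hashlib.sha256).hexdigest()


def checksums_match(manifest: str, images: dict) -> bool:
    """What a checksum listing alone gives: sizes and digests agree with the manifest."""
    for line in manifest.splitlines():
        path, size, digest = line.split()
        data = images.get(path)
        if data is None or len(data) != int(size) or sha256_hex(data) != digest:
            return False
    return True


def signature_valid(manifest: str, signature: str, key: bytes) -> bool:
    """The check the downloader must do before it reboots into the images."""
    expected = sign_manifest(manifest, key)
    return hmac.compare_digest(expected, signature)


def tamper(images: dict) -> dict:
    """Model of a mirror that serves a modified kernel image."""
    altered = dict(images)
    altered["images/pxeboot/vmlinuz"] = b"modified kernel bytes"
    return altered


def scenario() -> dict:
    """Run both checks against a genuine and a tampered download."""
    genuine_manifest = build_manifest(ORIGINAL_IMAGES)
    genuine_sig = sign_manifest(genuine_manifest, SIGNING_KEY)

    altered_images = tamper(ORIGINAL_IMAGES)
    # The mirror also regenerates .treeinfo so the checksums agree with the swapped file...
    altered_manifest = build_manifest(altered_images)
    # ...but cannot produce a matching signature without the key; it can only replay the old one.
    altered_sig = genuine_sig

    return {
        "genuine_checksums": checksums_match(genuine_manifest, ORIGINAL_IMAGES),
        "genuine_signature": signature_valid(genuine_manifest, genuine_sig, SIGNING_KEY),
        "tampered_checksums": checksums_match(altered_manifest, altered_images),
        "tampered_signature": signature_valid(altered_manifest, altered_sig, SIGNING_KEY),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

The tampered download passes the checksum comparison and fails only the signature check, which is the gap between ticket 8 and what Björn asks for. The check also has to run on the still-trusted system before the reboot; once the downloaded kernel and initrd are running, any verification they perform is no longer meaningful.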