Upgrading to next version of Fedora

Richard England rlengland at verizon.net
Sun Aug 3 05:18:28 UTC 2008


Björn Persson wrote:
> On Saturday 2 August 2008, Richard England wrote:
>   
>> Björn Persson wrote:
>>     
>>> Richard England wrote:
>>>       
>>>> Dave Feustel wrote:
>>>>         
>>>>> What is involved in upgrading from one version of Fedora to the next?
>>>>> (eg from Fedora 9 to Fedora 10 when F-10 becomes available)
>>>>>           
>>>> You might look into preupgrade
>>>>         
>>> But you should be aware that Preupgrade is a possible attack vector if
>>> someone is trying to sneak malware into your computer. It doesn't check
>>> the files it downloads for tampering.
>>>
>>> Yum checks all the packages it installs, and for CD images there are
>>> signed checksums so that you can verify them manually.
>>>
>>> Björn Persson
>>>       
>> I was under the impression that RPM was still used by Anaconda and the
>> MD5 was still checked by RPM at installation time.
>>     
>
> 1: It's the PGP signature that needs to be checked, not the MD5 sum. RPM can 
> check PGP signatures but Anaconda doesn't tell RPM to do that.
>
> 2: Installation time is too late in the case of Preupgrade. The installer 
> needs to be checked before it is booted. After the reboot you have a possibly 
> malicious RPM running on a possibly malicious Linux, and if signatures were 
> to be checked in that stage it would be a possibly malicious GPG checking 
> signatures against a possibly false PGP key.
>
>   
>> Does anyone that can speak to it know what security changes are planned
>> / will be in place for F10?
>>     
>
> There are two enhancement tickets but no target dates:
>
> https://fedorahosted.org/preupgrade/ticket/7
> "gpg check downloaded packages"
> "For safety's sake, we should gpgcheck the packages as we download them."
>
> That's one important step but it doesn't include the installer, which is the 
> next ticket:
>
> https://fedorahosted.org/preupgrade/ticket/8
> "Checksums and file sizes for boot images"
> "If anaconda .treeinfo included file size and checksums for 
> initrd/vmlinuz/etc, we could provide more accurate download progress, resume 
> interrupted downloads, and be sure we have the correct files."
>
> That's not enough. Checksums don't prevent tampering. The boot images need to 
> be signed with PGP and Preupgrade needs to check those signatures.
>
> Björn Persson
>   
Thank you, Björn.

~~R
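
The point made in the thread, that a checksum list fetched from the same mirror as the boot images does not stop tampering while a signature checked before the reboot does, can be shown with a short sketch. This is an added example, not code from Preupgrade, Anaconda or anyone in the thread. The manifest layout and all function names are hypothetical, and textbook RSA over SHA-256 with a constructed toy key stands in for a real PGP signature (it is not secure and is used only so the example runs with the standard library).

```python
import hashlib

# Constructed toy key: two Mersenne primes. Textbook RSA, NOT secure; it stands
# in for the distribution's PGP key only to show the trust relationship.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public half, already on the running system
D = pow(E, -1, (P - 1) * (Q - 1))      # private half, held only by the release signer

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_manifest(files: dict) -> bytes:
    """Checksum list in the spirit of ticket 8 (this layout is hypothetical)."""
    return "".join(f"{name} sha256:{digest(body)}\n"
                   for name, body in sorted(files.items())).encode()

def checksums_ok(files: dict, manifest: bytes) -> bool:
    """All a checksum-only check proves: the files match the manifest."""
    return manifest == make_manifest(files)

def sign(manifest: bytes) -> int:
    """Done by the release signer, offline, with the private key."""
    return pow(int(digest(manifest), 16), D, N)

def signature_ok(manifest: bytes, sig: int) -> bool:
    """Done on the still-trusted running system, before the reboot."""
    return pow(sig, E, N) == int(digest(manifest), 16)

def safe_to_boot(files: dict, manifest: bytes, sig: int) -> bool:
    return signature_ok(manifest, sig) and checksums_ok(files, manifest)

# Constructed sample data: what the signer published.
published = {"vmlinuz": b"genuine kernel", "initrd.img": b"genuine initrd"}
manifest = make_manifest(published)
signature = sign(manifest)

# A mirror that alters initrd.img can also regenerate the checksum list,
# but cannot produce a matching signature without the private key.
tampered = dict(published, **{"initrd.img": b"altered initrd"})
tampered_manifest = make_manifest(tampered)

if __name__ == "__main__":
    print("checksum only, tampered:", checksums_ok(tampered, tampered_manifest))
    print("signature, tampered:   ", safe_to_boot(tampered, tampered_manifest, signature))
    print("signature, genuine:    ", safe_to_boot(published, manifest, signature))
```

The check is only meaningful when the public key comes from the installed system rather than from the download, which is why it has to happen before the new installer is booted.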



