How secure is Preupgrade? Answer: Not.
listor3.rombobeorn at tdcpost.se
Thu May 22 00:54:50 UTC 2008
Beartooth Sciurivore wrote:
> Dumb question, probably : if you install and run preupgrade
> according to http://fedoraproject.org/wiki/PreUpgrade, BUT let it stop
> after downloading boot images, is there some user-friendly thing you can
> do then to make it secure? Something on the order of getting into a
> directory and commanding, in effect, "check all signatures"?
No. You can check the RPM packages in /var/cache/yum/anaconda-upgrade/packages
with rpm --checksig (assuming you have known good public keys in the RPM
database, but that's required for Yum too). The big problem is that you can't
check the boot images in /boot/upgrade, because nobody has made signatures
for them. Making signatures is easy, but only the owners of the Fedora
project's private key can do it.
> Or had we just better wait till PreUpgrade 1.0 comes out? Or ...?
Don't hold your breath. Checking the packages is scheduled for 1.1:
Checking the boot images is scheduled for 1.2, but that ticket talks about
checksums, not signatures, so I think it's only intended to protect against
accidental corruption, not malicious tampering:
> If the latter, do we need to get rid of whatever-all 0.9.3-3
> downloaded? Or will we be able to just "yum update PreUpgrade" in F8 and
> then run it again?
I get the impression that Preupgrade is intended to keep previously downloaded
files if you run it again, and only download missing files and new
dependencies, if any.
If you choose to upgrade with Yum it should be possible to tell Yum to use the
packages that Preupgrade downloaded. The security will then be the same as in
any yum update command. Just be sure to delete the unchecked boot images so
you don't accidentally boot them.
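An added example, not part of the original post: a POSIX shell script that runs rpm --checksig over the cached packages the reply mentions and classifies each result. It assumes rpm is installed, that the Fedora public keys are already in the RPM database, and that the two output formats shown in the comments are what rpm prints; the point it adds is that a digest-only "OK" (an unsigned package) is not the same as a verified signature.

```shell
#!/bin/sh
# Added example: check every RPM that Preupgrade cached and refuse to treat a
# digest-only "OK" (unsigned package) as a verified signature.
# Assumes: rpm(8) is installed and the Fedora public keys are imported
# (rpm -q gpg-pubkey lists them). PKGDIR defaults to the path from the post.
PKGDIR="${PKGDIR:-/var/cache/yum/anaconda-upgrade/packages}"

# classify_checksig_line LINE -> prints "verified", "unsigned" or "failed".
# Assumed rpm --checksig output formats (older and newer rpm):
#   foo.rpm: (sha1) dsa sha1 md5 gpg OK        -> verified
#   foo.rpm: sha1 md5 OK                        -> unsigned (digests only)
#   foo.rpm: digests signatures OK              -> verified
#   foo.rpm: digests OK                         -> unsigned
#   foo.rpm: digests SIGNATURES NOT OK          -> failed (bad sig or no key)
classify_checksig_line() {
    line=$1
    case "$line" in
        *"NOT OK"*) echo failed; return 0 ;;
    esac
    case "$line" in
        *" OK") ;;
        *) echo failed; return 0 ;;
    esac
    # Look only at the verdict after "file: " so package names cannot match.
    verdict=$(printf '%s' "${line#*: }" | tr 'A-Z' 'a-z')
    case "$verdict" in
        *signatures*|*gpg*|*pgp*|*rsa*|*dsa*) echo verified ;;
        *) echo unsigned ;;
    esac
}

# check_packages DIR -> one "STATUS path" line per package; returns 1 if any
# package is not "verified", so it can gate an upgrade in a script.
check_packages() {
    dir=$1
    rc=0
    for pkg in "$dir"/*.rpm; do
        [ -e "$pkg" ] || { echo "no packages in $dir" >&2; return 1; }
        out=$(rpm --checksig "$pkg" 2>&1) || true
        status=$(classify_checksig_line "$out")
        echo "$status $pkg"
        [ "$status" = verified ] || rc=1
    done
    return $rc
}

# Only run when the cache directory exists (stand-alone use).
if [ -d "$PKGDIR" ]; then
    check_packages "$PKGDIR"
fi
```

Anything reported as unsigned or failed should be deleted and re-downloaded rather than installed; as the post notes, the boot images in /boot/upgrade cannot be checked this way at all.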