On Wed, 2011-05-04 at 20:00 -0400, Chris Ball wrote:
> Hi Jerry,
>
> On Wed, May 04 2011, Jerry Vonau wrote:
> > Is there any interest in the ability to install rpms with a
> > customization stick? I have a POC patch that does that with just a
> > small patch to dracut's 30olpc-customization routine.
>
> There's interest, but it's more complicated than you think. As I
> understand it, customization sticks can be signed and run in secure mode
> because they perform no side-effects outside of /home. However, an RPM
> can have a %post section which lists commands to be run *as root* during
> the installation.
>
> So, offering the ability to install RPMs via signed customization stick
> is equivalent to letting anyone run any series of commands as root.

How is this different from using "sudo rpm/yum"? You still have to have trust in the rpms.

> There may be ways to mitigate this risk, such as refusing to run any
> %post scripts (some of which are necessary for proper function of
> packages). Working out what the safe set of actions a hostile RPM
> can perform on a system is a research project, as far as I know.

I'd say just let the deployments sign their own kernel and initrd.img, OLPC doesn't have to offer the stick for public use.

Jerry

_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
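The risk Chris raises is that an RPM's %post (and %pre, %preun, %postun, %pretrans, %posttrans and trigger) scriptlets run as root at install time, so a policy of "refuse any package carrying a scriptlet" needs a way to see them before installing. The following is an added example, not code from this thread, from OLPC or from dracut: it walks the RPM container (96-byte lead, signature header, 8-byte-aligned main header) and reports which scriptlet tags the main header carries. The tag numbers are taken from rpm's rpmtag.h; the two sample packages are constructed in memory by a small builder rather than produced by rpmbuild, and the %post body in the "noisy" sample is an illustrative placeholder.

```python
"""Detect install-time scriptlets in an RPM without installing it.

Added example, not OLPC or dracut code. Parses the RPM container format
(lead, signature header, main header) and lists the scriptlet tags found.
"""
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"
LEAD_SIZE = 96
HEADER_MAGIC = b"\x8e\xad\xe8\x01"

# Header entry types (rpmTagType values) used below.
RPM_INT32, RPM_STRING, RPM_BIN, RPM_STRING_ARRAY, RPM_I18NSTRING = 4, 6, 7, 8, 9

RPMTAG_NAME = 1000
# Scriptlet body tags from rpmtag.h. The matching *PROG tags (1085-1088,
# 1153, 1154) only name the interpreter and are not needed to detect one.
SCRIPTLET_TAGS = {
    1023: "%pre", 1024: "%post", 1025: "%preun", 1026: "%postun",
    1151: "%pretrans", 1152: "%posttrans",
    1065: "%trigger",  # RPMTAG_TRIGGERSCRIPTS, a string array
}


def parse_header(buf, off):
    """Parse one header section at buf[off:]. Returns (tag -> value, end offset)."""
    if buf[off:off + 4] != HEADER_MAGIC:
        raise ValueError("bad header magic at offset %d" % off)
    nindex, hsize = struct.unpack(">II", buf[off + 8:off + 16])
    index_start = off + 16
    data_start = index_start + 16 * nindex
    data_end = data_start + hsize
    if data_end > len(buf):
        raise ValueError("truncated header")
    entries = {}
    for i in range(nindex):
        ent = buf[index_start + 16 * i:index_start + 16 * i + 16]
        tag, typ, doff, count = struct.unpack(">iiii", ent)
        base = data_start + doff
        if base < data_start or base >= data_end:
            raise ValueError("index entry %d points outside header data" % i)
        if typ in (RPM_STRING, RPM_I18NSTRING):  # first NUL-terminated string
            entries[tag] = buf[base:buf.index(b"\0", base, data_end)].decode("utf-8", "replace")
        elif typ == RPM_STRING_ARRAY:
            vals, p = [], base
            for _ in range(count):
                end = buf.index(b"\0", p, data_end)
                vals.append(buf[p:end].decode("utf-8", "replace"))
                p = end + 1
            entries[tag] = vals
        elif typ == RPM_INT32:
            entries[tag] = list(struct.unpack(">%dI" % count, buf[base:base + 4 * count]))
        else:  # BIN and anything else: keep raw bytes
            entries[tag] = buf[base:base + count]
    return entries, data_end


def find_scriptlets(rpm_bytes):
    """Return (package name, {scriptlet: body}) for an RPM held in memory."""
    if rpm_bytes[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM file")
    _sig, end = parse_header(rpm_bytes, LEAD_SIZE)  # signature header follows the lead
    end = (end + 7) & ~7                             # main header is 8-byte aligned
    hdr, _ = parse_header(rpm_bytes, end)
    found = {SCRIPTLET_TAGS[t]: v for t, v in hdr.items() if t in SCRIPTLET_TAGS}
    return hdr.get(RPMTAG_NAME), found


def has_scriptlets(rpm_bytes):
    """The policy Chris mentions: reject any package that carries a scriptlet."""
    return bool(find_scriptlets(rpm_bytes)[1])


def build_header(entries):
    """Serialize [(tag, type, payload, count)] into a header section (strings/bin only, no alignment)."""
    index, data = b"", b""
    for tag, typ, payload, count in entries:
        index += struct.pack(">iiii", tag, typ, len(data), count)
        data += payload
    return HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(data)) + index + data


def make_rpm(name, post=None):
    """Constructed minimal RPM container for testing; not produced by rpmbuild."""
    lead = LEAD_MAGIC + b"\x03\x00" + b"\0" * (LEAD_SIZE - 6)
    sig = build_header([(1004, RPM_BIN, b"\0" * 16, 16)])  # RPMSIGTAG_MD5 placeholder
    sig += b"\0" * (-len(sig) % 8)
    entries = [(RPMTAG_NAME, RPM_STRING, name.encode() + b"\0", 1)]
    if post is not None:
        entries.append((1024, RPM_STRING, post.encode() + b"\0", 1))  # RPMTAG_POSTIN
        entries.append((1086, RPM_STRING, b"/bin/sh\0", 1))          # RPMTAG_POSTINPROG
    return lead + sig + build_header(entries)


# Constructed samples: a clean package and one whose %post writes outside /home.
CLEAN_RPM = make_rpm("clean-pkg")
POST_RPM = make_rpm("noisy-pkg", post="touch /etc/installed-by-post\n")

if __name__ == "__main__":
    for blob in (CLEAN_RPM, POST_RPM):
        name, scripts = find_scriptlets(blob)
        print(name, "scriptlets:", ", ".join(scripts) or "none")
```

On a real package the same information is available from `rpm -qp --scripts pkg.rpm`, and `rpm -i --noscripts` skips the scriptlets at install time, at the cost Chris notes: packages whose %post does real work (ldconfig, alternatives, user creation) will not function correctly without them.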
