On 05/05/2011 9:58 AM, "Chris Ball" <[email protected]> wrote:
> There's interest, but it's more complicated than you think. As I
> understand it, customization sticks can be signed and run in secure mode
> because they perform no side-effects outside of /home. However, an RPM
> can have a %post section which lists commands to be run *as root* during
> the installation.
>
> So, offering the ability to install RPMs via signed customization stick
> is equivalent to letting anyone run any series of commands as root.
>
> There may be ways to mitigate this risk, such as refusing to run any
> %post scripts (some of which are necessary for proper function of
> packages). Working out what the safe set of actions a hostile RPM
> can perform on a system is a research project, as far as I know.
Can we make it so that it only installs signed RPMs? Would that help?

Sridhar
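The scriptlet problem in the quoted message, as an added example that is not part of the thread: a small policy check that parses the output of `rpm -qp --scripts` (a real rpm query) and refuses any package carrying %pre/%post-style scriptlets, since each of them would run as root at install time. The sample output below is constructed for a hypothetical package, not taken from a real one.

```python
import re
import subprocess

# Constructed sample of `rpm -qp --scripts` output for a hypothetical package.
SAMPLE_SCRIPTS = """preinstall scriptlet (using /bin/sh):
getent group demo >/dev/null || groupadd -r demo
postinstall program: /sbin/ldconfig
postuninstall scriptlet (using /bin/sh):
rm -rf /etc/demo
"""

# rpm prints one header per scriptlet, either
#   "<kind> scriptlet (using <interpreter>):" followed by the script body, or
#   "<kind> program: <path>" when the scriptlet is a bare program.
_HEADER = re.compile(
    r"^(pre|post)(install|uninstall|trans) "
    r"(scriptlet \(using (.+)\)|program: (.+)):?$"
)

def parse_scriptlets(text):
    """Return [{'kind', 'interp', 'body'}, ...] from rpm --scripts output."""
    found = []
    current = None
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            current = {"kind": m.group(1) + m.group(2),
                       "interp": m.group(4) or m.group(5),
                       "body": []}
            found.append(current)
        elif current is not None:
            current["body"].append(line)
    for s in found:
        s["body"] = "\n".join(s["body"]).strip()
    return found

def scriptlets_from_rpm(path):
    """Query a package file on disk; requires the rpm tool to be installed."""
    out = subprocess.run(["rpm", "-qp", "--scripts", path],
                         capture_output=True, text=True, check=True).stdout
    return parse_scriptlets(out)

def decide(scriptlets):
    """Policy for a signed customization stick: allow only scriptlet-free
    packages, because every scriptlet kind here is executed as root."""
    if not scriptlets:
        return "allow"
    kinds = sorted({s["kind"] for s in scriptlets})
    return "deny: root scriptlets " + ", ".join(kinds)
```

rpm's own `--noscripts` install option is the blunt form of this mitigation; the check above only makes the decision visible before anything is installed.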
_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
