On 2009-11-19 10:23:53 AM, Till Maas wrote: > So at least one major security protection measure is not in place and > attackers can create their own repositories with signed packages that > have well known security flaws, e.g. a package with a bad setuid root > binary, and install it, if it is not already installed in a newer > version. I might be wrong on this, but wouldn't the attacker need to trick yum/packagekit into using the malicious repo first? I didn't think that was allowed for non-root users.
Note that even if the repomd.xml files were signed, it'd be easy for an attacker to just take an old one with a valid signature and host a repo with outdated packages. I thought metalink (https://mirrors.fedoraproject.org/metalink?repo=updates-released-f12&arch=x86_64) over https was supposed to address the problem of outdated repos though. Thanks, Ricky
pgpMJ7ihtKtum.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
