FYI: MaximumRPM was written in 1997 and does not begin to define the necessary 
semantics to implement signatures on mutable files in a useful way. There have 
been several changes in both %config/%ghost handling since 1997.

Q: What use is it to IMA policies to have a pre-packaged signature on a file 
that has been marked %config?

The original RFE pretended to a type of configuration that is inaccessible to a 
user on a embedded/handheld device that could not (or should not) be changed. 
In which case, using %config is a packaging error imho and can be handled 
through the existing file signing mechanisms.

The original RFP (and your comment) indicates that indeed, signing mutated 
files has obvious failure cases, which is ultimately a 2nd type of "really 
mutatable" %config, different from the packaging error misuse/abuse of %config 
on a file that a user could not (or should not) change.

Finally there are several comments -- including mine -- that indicate that the 
ability to sign "mutable" %config files does not seem very useful, and hence 
needs a disabler with opt-in default behavior.

Adding the ability to change the ima signature in the xattr after installation, 
so that the modified, not the original %config template, would (at least) 
change my opinion, similarly for %ghost. But that isn't what is being proposed.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list

Reply via email to