[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: YUM security issues...



On Mon, 2008-07-28 at 17:37 -0400, Jeremy Katz wrote:
> On Mon, 2008-07-28 at 17:29 -0400, seth vidal wrote:
> > On Mon, 2008-07-28 at 17:28 -0400, Mike McLean wrote:
> > > On Mon, Jul 28, 2008 at 1:07 PM, Matt Domsch <Matt_Domsch dell com> wrote:
> > > > 1. repomd.xml needs to be signed. Either attached or detached sig
> > > >   (advice sought).  If attached, format would be
> > > 
> > > I see a number of good ideas to improve the situation, but I don't
> > > think I've seen anyone suggest the following.
> > > 
> > > Would it be feasible to audit the mirror content? We have the list of
> > > mirrors, we know what the content should be. I think we'd only need to
> > > validate the mirrored repomd.xml, right?  Doesn't seem to onerous...
> > > 
> > > yes, yes, not perfect, malicious mirror could change the content, etc,
> > > but at least we'd have some measure of detection.
> > 
> > which is the point. A malicious mirror could safely lie to us and not
> > lie to their targets.
> > 
> > Additionally, mirrormanager DOES check the mirrors.
> 
> Except, of course, for mirrors which are internal to a specific site and
> thus can't be contacted by MM
> 

and if they're evil then the folks involved are screwed anyway....

which, after all, is why we're in favor of repomd.xml signing

-sv



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]