[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Securing the RPM Database

On Fri, Oct 05, 2001 at 10:34:00AM -0700, David Christensen wrote:
> RPM provides some nice utilities for verifying installed packages, but how
> does one secure the RPM database itself?  It seems that an attacker could
> modify any system files desired and then modify the RPM database to cover
> their tracks.  What would be a simple yet effective mechanism for preventing
> this?  (And please don't mention products like tripwire which would be
> overkill in an embedded application.)

What secures the database at the moment is the signatures on the packages
that were used for the install. That means that the database is disposable,
and not secured at all. Careful security work is done by, say,
	cd /mnt/cdrom
	rpm -Kp foo*.rpm	# verify package signature
	rpm -Vp foo*.rpm	# verify installed files using package header

What will secure the installed headers purty soon now is a verification
on the signature of the original header contents (wwhich includes file
MD5 sums, thereby "trusted" and useful for verifying file images as well)
--verify using the original (rather than the final) installed header
contents as the source of metadata (i.e. MD5 sums).

And, now that GPG/DSA verifcation using beecrypt "works" (there's much
more to be done), signature verification will soon be done by default
for all new package installs, optionally for already installed
package headers retrieved, within rpm.

73 de Jeff

Jeff Johnson	ARS N3NPQ
jbj@jbj.org	(jbj@redhat.com)
Chapel Hill, NC

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []