Why most run Microsoft, not RedHat
Les Mikesell
lesmikesell at gmail.com
Mon Apr 30 18:23:04 UTC 2007
Zoltan Boszormenyi wrote:
>>
>> It's all a matter of programmer-vs.-programmer wars to show who is in
>> control.
>
> My questions above weren't about war. Again, different POVs.
> I tried to give some examples of ease of use vs manual control.
It's about *who* is in control. The *how* is a matter of programming.
Is it your machine or the package manager's? What happens when the
package manager is compromised?
> A1. you have package manager because you want easy installation
> and you don't want to wait while the stuff compiles
And after this is in place you add something that theoretically
only you are supposed to be able to control.
> A3. because it's easier to have everything have the proper permissions,
> let rpm handle it.
>
> and
>
> A2. the packager may consider a file to be so essential that he wants it
> immutable. but the upgrade of the package must also work without
> manual override, i.e. without clearing immutable flag first.
Ahh, but then that thing you just added to give yourself an extra layer
of control doesn't work any more.
>> You can compare it to the person who thought that the passwd program
>> should only talk directly to a tty and that programs should not be
>> able to use it. That lasted a few months - until another programmer
>> wanted his program to be able to change passwords and wrote 'expect'
>> to do it. A big waste of both people's time...
>
> Agreed, that's unfortunate.
>
>>> But your POV in the question above is wrong.
>>> The point is to take advantage of something
>>> where available.
>>
>> Beg your pardon? The point of adding the immutable bit was so the
>> file couldn't be changed by ordinary means. It is, again, a waste of
>> both parties' efforts as soon as someone adds the programming to bypass
>> its attempt at control.
>
> But you already have it - you can use chattr from shell scripts or
> manually. But chattr works only as root and you can only run
> rpm -[iU] as root successfully anyway.
> Hm. You can use chattr in pre and post scriptlets in rpm today. :-)
> But rpmv won't tell you whether the fs-special flags were set
> by rpm or by someone else.
Yes, just like the passwd/expect example. If there is a possible way to
circumvent your special-exception case, there wasn't much sense in
adding it in the first place - it just makes everything harder without
serving its original purpose.
> I can certainly remember if I set this flag myself (e.g. have it
> documented) or ask the colleagues. If no one authorized has set it
> (like it was in the case of the intrusion) then I would expect that
> rpm were able to replace a package with --force, even if some files
> have the immutable flag set. (Or similar in case of other FSes than
> ext2/3/4.)
Back to the programmer-vs.-programmer. If rpm does this, the rootkits
will just supply a modified rpm program that only pretends to do it but
doesn't really replace the trojan files.
--
Les Mikesell
lesmikesell at gmail.com