How secure is Preupgrade? Answer: Not.
stan
goedigi89__e at cox.net
Thu May 22 03:23:34 UTC 2008
Björn Persson wrote:
> stan wrote:
>
>> If anaconda uses rpm to do the upgrade, there is a blurb in the man file
>> stating that rpm automatically does the md5 check on install. I think
>> these are signed with a Fedora specific key, so they would fail if they
>> weren't official or were tampered with.
>>
>
> Checking the MD5 sum detects accidentally corrupted packages. To detect that a
> package has been tampered with you have to check the PGP signature. A bad guy
> can easily generate a new MD5 sum for his modified package. He can't generate
> a new PGP signature unless he has a private key that corresponds to one of
> the public keys that are loaded in your local RPM database.
>
> But as the installer may have been tampered with, it may have inserted the bad
> guy's own key in your RPM database, or it may have installed a modified RPM
> that says everything is OK, or any other nasty stuff. I don't think the
> probability is all that high, but the possibility is there.
>
> Björn Persson
>
>
Thanks for clarifying this. Looks like it is back to DVD. :-(
More information about the fedora-list
mailing list