[Rpm-maint] FSM hooks for rpm plugin
elena.reshetova at intel.com
Mon Mar 11 12:14:39 UTC 2013
>Yup, rpm pretty much has to trust its plugins. OTOH... this made me think of
>another related issue: it would actually be better to set the permissions etc
>before moving the file to its final location. Currently we first move the
>file and then start setting permissions, which means executables and all will
>for a short period of time have totally incorrect permissions, labels and
>all. So if you happen to execute that binary during that period, who knows
>what will happen: it could fail to execute at all, execute with wrong
>capabilities / labels etc.
Yes, this would be the safest way of doing it. But it isn't that bad in the
current scenario: if your security settings are proper (like labels of rpm
itself, etc.), no one would be able to even access the tmp files before the
proper labelling is in place. But agree: doing it right from the beginning is
even better and removes the possibility of a bad setup.
>Setting the permissions before moving would fix that and also avoid replacing
>a previous file at all in case we fail in one of the metadata steps. For
>the stock metadata the actual path makes no difference, but for security
>labels you'd want the final path though (to avoid having to figure out and
>strip the temp extension from the file), so it'd require passing two paths
>to the pre-commit hook: current and final.
Maybe it is the fact that I had to wake up at 3am today to come back to Helsinki,
but I don't understand why we need to know the final path for security
labels labelling? I don't think a file is labelled based on its destination: it
is more like based on what is inside the package, manifest, device security
policies, etc.
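
The ordering proposed in the quoted text (set metadata on the temporary file, run a pre-commit hook that receives both the current and the final path, and only then rename) is sketched below as an added example; it is not part of the original message and not rpm's code. `install_file`, the `pre_commit_fn` hook type and the `.XXXXXX` temp suffix are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical pre-commit hook (not rpm's plugin API): receives the current
 * (temporary) path and the final path, returns 0 on success. */
typedef int (*pre_commit_fn)(const char *cur, const char *final);
int hook_ok(const char *cur, const char *final)   { (void)cur; (void)final; return 0; }
int hook_fail(const char *cur, const char *final) { (void)cur; (void)final; return -1; }

/* Returns 0 on success. On any failure the temp file is removed and whatever
 * already exists at final_path is left untouched. */
int install_file(const char *final_path, const char *data, size_t len,
                 mode_t mode, pre_commit_fn hook)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", final_path) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);               /* created 0600: owner-only access */
    if (fd < 0)
        return -1;
    int ok = write(fd, data, len) == (ssize_t)len
          && fchmod(fd, mode) == 0       /* stock metadata, set on the temp file */
          && hook(tmp, final_path) == 0  /* labels etc.: current and final path */
          && fsync(fd) == 0;
    close(fd);
    if (ok && rename(tmp, final_path) == 0)  /* atomic switch to the final name */
        return 0;
    unlink(tmp);
    return -1;
}

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int file_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    /* Constructed sample: install a 10-byte script as mode 0755. */
    int rc = install_file("/tmp/fsm_demo", "#!/bin/sh\n", 10, 0755, hook_ok);
    printf("rc=%d mode=%o\n", rc, (unsigned)file_mode("/tmp/fsm_demo"));
    return rc ? 1 : 0;
}
```

Because the rename is the last step, the final path only ever names a file whose metadata steps have all succeeded, and a failing hook leaves the previously installed file in place.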