[Rpm-maint] FSM hooks for rpm plugin

Reshetova, Elena elena.reshetova at intel.com
Mon Mar 11 12:14:39 UTC 2013


>Yup, rpm pretty much has to trust its plugins. OTOH... this made me think of 
>another related issue: it would actually be better to set the permissions etc 
>before moving the file to its final location. Currently we first move the 
>file and then start setting permissions, which means executables and all will 
>for a short period of time have totally incorrect permissions, labels and 
>all. So if you happen to execute that binary during that period, who knows 
>what will happen: it could fail to execute at all, execute with wrong 
>capabilities / labels etc.

Yes, this would be the safest way of doing it. But it isn't that bad in the 
current scenario: if your security settings are proper (like the labels of rpm 
itself, etc.), no one would be able to even access the tmp files before the 
proper labelling is in place. But I agree: doing it right from the beginning is 
even better and removes the possibility of a bad setup.

>Setting the permissions before moving would fix that and also avoid replacing 
>a previous file at all in case we fail in one of the metadata steps. For 
>the stock metadata the actual path makes no difference, but for security 
>labels you'd want the final path though (to avoid having to figure out and 
>strip the temp extension from the file), so it'd require passing two paths 
>to the pre-commit hook: current and final.

Maybe it is the fact that I had to wake up at 3am today to come back to 
Helsinki, but I don't understand why we need to know the final path for 
security labelling. I don't think a file is labelled based on its destination: 
it is more based on what is inside the package, the manifest, device security 
policies, etc.


Best Regards,
Elena.
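
The ordering discussed in this thread (apply metadata to the temporary file, run a pre-commit hook that sees both the current and the final path, and only then move the file into place), as an added example that is not part of the original message and is not rpm's code. The names `install_file`, `pre_commit_fn`, `veto_hook` and `mode_of` and the `;XXXXXX` temp suffix are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical pre-commit hook: sees the open temp file, its current path
 * and the final path; returns 0 to allow the commit, non-zero to veto it. */
typedef int (*pre_commit_fn)(int fd, const char *cur, const char *final);

/* Write data to a private temp file beside final_path, apply metadata,
 * run the hook, and only then rename() into place. Returns 0 on success;
 * on any failure the temp file is removed and final_path is untouched. */
int install_file(const char *final_path, const void *data, size_t len,
                 mode_t mode, pre_commit_fn hook)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof tmp, "%s;XXXXXX", final_path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);            /* created 0600: unreachable by others */
    if (fd < 0)
        return -1;

    int ok = write(fd, data, len) == (ssize_t)len
          && fchmod(fd, mode) == 0    /* final permissions before it is visible */
          && (hook == NULL || hook(fd, tmp, final_path) == 0)
          && fsync(fd) == 0;
    if (close(fd) != 0)
        ok = 0;
    if (ok && rename(tmp, final_path) == 0)   /* atomic replace */
        return 0;

    unlink(tmp);                      /* previous file at final_path survives */
    return -1;
}

/* Constructed hook that simulates a failed labelling step. */
int veto_hook(int fd, const char *cur, const char *final)
{
    (void)fd; (void)cur; (void)final;
    return 1;
}

mode_t mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}
```

A real hook would apply its security label through `fd` or the current path while consulting the final path for policy lookup, so the label is in place before the file becomes reachable under its final name.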