[Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)
Jeff Johnson
notifications at github.com
Sat Feb 10 05:42:33 UTC 2018
FYI: MaximumRPM was written in 1997 and does not begin to define the necessary semantics to implement signatures on mutable files in a useful way. There have been several changes in both %config/%ghost handling since 1997.
Q: What use is it to IMA policies to have a pre-packaged signature on a file that has been marked %config?
The original RFE pretended to a type of configuration that is inaccessible to a user on a embedded/handheld device that could not (or should not) be changed. In which case, using %config is a packaging error imho and can be handled through the existing file signing mechanisms.
The original RFP (and your comment) indicates that indeed, signing mutated files has obvious failure cases, which is ultimately a 2nd type of "really mutatable" %config, different from the packaging error misuse/abuse of %config on a file that a user could not (or should not) change.
Finally there are several comments -- including mine -- that indicate that the ability to sign "mutable" %config files does not seem very useful, and hence needs a disabler with opt-in default behavior.
(aside)
Adding the ability to change the ima signature in the xattr after installation, so that the modified, not the original %config template, would (at least) change my opinion, similarly for %ghost. But that isn't what is being proposed.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/374#issuecomment-364628202
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20180210/b0802f6c/attachment-0001.html>
More information about the Rpm-maint
mailing list