[Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

Demi Marie Obenour notifications at github.com
Wed Feb 9 22:54:31 UTC 2022


> @DemiMarie
> 
> > If (as this document implies) the entire non-transcoded file is buffered on disk, things are far simpler.
> 
> No, it is not buffered on disk. Let me know what makes you think so, so I can clarify it.

You mention the need for the file to be seekable.

> Other than that, I am with you on improving the signature validation, but at this stage, it would require support from the packager side. TBH, being able to validate chunks on the fly may also be beneficial to non-CoW RPM (if it were to not buffer files on disk before unarchiving). The current transcoded metadata allows for an in-between solution that allows verification, but with the decompression library still being exposed to vulnerability. The attack surface can be lowered by dropping privileges/chrooting... the transcoder.

That is definitely a step forward, especially if the hashing is performed in the parent process.  I imagine `SECCOMP_SET_MODE_STRICT` would be pretty hard to break out of, and would dramatically reduce my worries about this patch.  Is setting up `SECCOMP_SET_MODE_STRICT` before decompression a viable option?

> In any case, even if chunk validation is done, a summary of the validation will still need to be stored in the transcoded file metadata so the transcoded file can be "verified", or at least, it can be verified that it had been verified, after the fact.

Absolutely (and I have no problem with this).

> Before getting into this though, I like to see how RPM CoW can become a thing in RPM, iterate on that, and time will come to improve signature validation.

What if RPM CoW is merged but not enabled by default?  Once signature validation is up to par with standard RPM it can be enabled by default.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1470#issuecomment-1034282104

Message ID: <rpm-software-management/rpm/pull/1470/c1034282104 at github.com>
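The process split asked about in the message above (transcoder in a child under `SECCOMP_SET_MODE_STRICT`, hashing in the parent), as an added example that is not part of the RPM CoW pull request or of RPM itself. It substitutes a trivial run-length decoder for the real decompression library and FNV-1a for the real digest, purely so it compiles and runs stand-alone; every function name here (`child_transcode`, `transcode_sandboxed`, `strict_mode_kills_other_syscalls`) is hypothetical. The sample input is constructed. It is Linux-only and needs a kernel with CONFIG_SECCOMP.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/seccomp.h>

/* Stand-in "decompressor": (count, byte) pairs expanded to runs. It replaces the real
 * decompression library only so this sample compiles stand-alone; the process split is the point. */
static size_t rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    size_t n = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2)
        for (uint8_t k = 0; k < in[i]; k++) {
            if (n == out_cap) return n;
            out[n++] = in[i + 1];
        }
    return n;
}

/* Stand-in for the digest the parent computes (FNV-1a 64; NOT a cryptographic hash). */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Child side. Once SECCOMP_MODE_STRICT is on, only read(2), write(2), exit(2) and sigreturn(2)
 * remain; anything else (open, mmap, even glibc's exit_group-based _exit) gets SIGKILL.
 * So: no stdio, no malloc, fixed stack buffers, and leave via the raw exit syscall. */
static void child_transcode(int in_fd, int out_fd) {
    uint8_t in[256], out[4096];
    size_t in_len = 0, n, off = 0;
    ssize_t r;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) syscall(SYS_exit, 2);
    while (in_len < sizeof in && (r = read(in_fd, in + in_len, sizeof in - in_len)) > 0)
        in_len += (size_t)r;
    n = rle_decode(in, in_len, out, sizeof out);
    while (off < n) {
        r = write(out_fd, out + off, n - off);
        if (r <= 0) syscall(SYS_exit, 1);
        off += (size_t)r;
    }
    syscall(SYS_exit, 0);
}

/* Parent side: feed packed bytes in, collect the output, hash it here outside the sandbox.
 * Returns the output length, or -1 if the child failed or was killed. */
static ssize_t transcode_sandboxed(const uint8_t *in, size_t in_len,
                                   uint8_t *out, size_t out_cap, uint64_t *digest) {
    int in_pipe[2], out_pipe[2], status, overflow = 0;
    uint8_t scratch[256];
    size_t n = 0;
    ssize_t r;
    if (pipe(in_pipe) != 0 || pipe(out_pipe) != 0) return -1;
    /* Input is small and written before fork, so the child never blocks on it. */
    if (write(in_pipe[1], in, in_len) != (ssize_t)in_len) return -1;
    close(in_pipe[1]);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(out_pipe[0]);
        child_transcode(in_pipe[0], out_pipe[1]);   /* never returns */
    }
    close(in_pipe[0]);
    close(out_pipe[1]);
    while ((r = read(out_pipe[0], n < out_cap ? out + n : scratch,
                     n < out_cap ? out_cap - n : sizeof scratch)) > 0) {
        if (n < out_cap) n += (size_t)r; else overflow = 1;
    }
    close(out_pipe[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (overflow || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    *digest = fnv1a64(out, n);
    return (ssize_t)n;
}

/* The check a reviewer wants: a sandboxed child that issues any other syscall is killed. */
static int strict_mode_kills_other_syscalls(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) syscall(SYS_exit, 2);
        syscall(SYS_getpid);    /* not on the strict-mode allowlist: kernel delivers SIGKILL */
        syscall(SYS_exit, 3);   /* never reached */
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL;
}

/* Constructed sample: (3,'a'),(2,'b') -> "aaabb". Returns 1 if the round trip and the
 * parent-side digest both check out. */
static int demo_roundtrip(void) {
    const uint8_t packed[] = { 3, 'a', 2, 'b' };
    const uint8_t expect[] = "aaabb";
    uint8_t out[64];
    uint64_t digest = 0;
    ssize_t n = transcode_sandboxed(packed, sizeof packed, out, sizeof out, &digest);
    return n == 5 && memcmp(out, expect, 5) == 0 && digest == fnv1a64(expect, 5);
}

int main(void) {
    printf("round trip ok: %d\n", demo_roundtrip());
    printf("stray syscall killed: %d\n", strict_mode_kills_other_syscalls());
    return 0;
}
```

Two practical consequences of strict mode show up here: the child cannot allocate after entering it (no brk/mmap), so a real decompressor would have to preallocate its working memory, and a child that dies with SIGKILL is indistinguishable from a child that tried to escape, so the parent treats any abnormal exit as a failed install rather than trusting partial output. The parent never trusts the child's bytes either way; it hashes them itself and compares against the signed digest, which is what makes a compromised decompressor a denial of service rather than a bypass.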