Rename and signed packages

To: tech-pkg%netbsd.org@localhost
Subject: Rename and signed packages
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Wed, 11 Jun 2008 16:14:49 +0200

Hi all,
when dealing with signed packages there's one problem we don't deal with
right now. What happens if Eve renames binary packages on the server?
She might trick Alice into running "pkg_add perl" and it really installs
"broken_suid_root-1.23", if she also has a shell account on Alice's
machine, she now has root permissions. For pkg_install-renovation I have
the infrastructure to deal with it, the question is what should be done.

(1) If a package is installed as dependency or via PKG_PATH, check that
the file name matches the package name (+ suffix).

(2) If a package is installed as dependency or via PKG_PATH, check that
the package name matches the pattern used to find it.

(3) Always do the check of (1) or (2) unless a full path is given on the
command line.

Joerg

Prev by Date: Re: Call for tests: pkg_install-renovation
Next by Date: audit-packages: Hash mismatch but continues
Previous by Thread: ${PLIST.dll} not removed from the +CONTENTS file
Next by Thread: audit-packages: Hash mismatch but continues
Indexes:

Home | Main Index | Thread Index | Old Index