On Fri, Dec 10, 2021 at 10:47:52AM +0100, Vít Ondruch wrote: > > Dne 10. 12. 21 v 0:08 Davide Cavalca via devel napsal(a): > >On Fri, 2021-12-03 at 22:08 +0000, Richard W.M. Jones wrote: > >>I'm unclear about the threat model - this is an attacker who is > >>someone able to overwrite single files (eg. /bin/ls) but cannot turn > >>off the fs-verity system as a whole? > >> > >>Also if RPM can update /bin/ls then surely an attacker who can widely > >>compromise system files must also be able to update /bin/ls in the > >>same way? > >Once fs-verity is enabled for a given file (which, in the RPM case, > >happens at package installation time), it cannot be disabled, and the > >file becomes immutable. One can still rename() or unlink() it (and this > >is indeed how rpm is able to replace files when upgrading packages), > >but the actual contents cannot be altered. > > > Trying to debug some issue in shell/ruby/python script, will it be possible > to modify such file?
Any file covered by fs-verity is immutable after installation. So you cannot modify the contents, the kernel refuses. But you can just replace the file (like during an upgrade), and of course copy and edit in a different location. If replaced, no fs-verity checking is done any more by the kernel. There was some talk about high-level solution to prevent such files from being executed, e.g. an LSM module, but no details... (Thinking about this, it would be pretty hard, because the LSM would need to be smart enough to know which files are installed through rpm, and which files are not. I would love to hear more details about what is planned here.) Zbyszek _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
