On Sat, 2021-12-04 at 09:37 -0500, Stephen John Smoogen wrote: > > Or just pad /usr/bin/rpm with some null characters at the end to break > its signature and also stop updates from happening. [Or the fs-verity > daemon which will report that these problems are occuring. ]
If the attacker has filesystem access, this wouldn't work, as fs-verity makes the file immutable. If they have block level access to the underlying storage, they can alter the data blocks of the rpm binary, and that would indeed result in failure on the next exec as the signature wouldn't match. Cheers Davide _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
