On 09/ 8/10 04:51 PM, Nicolas Williams wrote:
> On Wed, Sep 08, 2010 at 04:46:47PM -0700, Shawn Walker wrote:
>> On 09/ 8/10 04:40 PM, Nicolas Williams wrote:
>>> On Wed, Sep 08, 2010 at 04:34:57PM -0700, Shawn Walker wrote:
>>>> The original request was about a way to connect remotely to verify
>>>> the system, presumably using the installed system.
>>>
>>> Darren's request was for an option to have pkg verify use manifests from
>>> the repo instead of /var/pkg to verify the installed bits. I think
>>> that's a good idea.
>>
>> But not terribly useful if your goal is to ensure the hacker hasn't
>> compromised the system. After all, the pkg system is written in
>> python and if they compromised your system, logically it would be
>> trivial for them to compromise the pkg system itself.
>
> And now we're going in circles. But you missed the point: you could
> boot from trusted media, use pkg verify from the trusted media, but
> still use the manifest data from /var/pkg from the BE to be verified.
> Why? Because you'd use trust anchors from the trusted media and crypto
> takes care of the rest.
>
>> Keep in mind there is still some amount of information from the system
>> itself that has to be used so that you can perform the verification
>> itself. For example, what packages are seen as being installed, what
>> publishers are known, and/or possibly certificates required to access a
>> remote repository so that data for the verification can be retrieved.
>> A way to provide all of this information from an alternate location is
>> likely possible, but it seems likely it could get unwieldy quickly.
>>
>> In other words, it seems odd to me that you would trust the
>> verification of the system simply because you could supply a trusted
>> source of data but were still relying on an untrustworthy client to
>> do the verification.
>
> You did not carefully read what I wrote, in its context :)

I did, but I try to avoid reading "between the lines." Which is why I
assumed both possibilities and accounted for both in my reply. (That
is, an "untrusted" environment and a "trusted" one.)
-Shawn
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
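The split Nicolas describes above (verifier and trust anchor from trusted media, manifest data read from the possibly compromised BE) can be shown with a small verifier. The following is an added illustration written for this page, not pkg(5)/IPS code and not anything posted in the thread. It assumes a hypothetical manifest format of one "<relative path> <sha256>" line per file, a BE mounted at an arbitrary root, and a trust anchor that is simply a SHA-256 digest of the manifest carried on the trusted media; in a real design that anchor would be a signature checked against a certificate on the media, but the control flow is the same. It also shows the failure mode Shawn raises: a trojaned file is caught, and a manifest rewritten in /var/pkg to match the trojan is rejected before any file is checked.

```python
"""
Verifying an installed boot environment (BE) from trusted media.

Added illustration, not pkg(5)/IPS code. The verifier and the anchor are
assumed to come from trusted media; the manifest text is untrusted data
read from the BE being verified. The anchor is modelled as a SHA-256
digest of the manifest (a stand-in for a signature check against a
certificate on the trusted media).
"""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Hypothetical manifest format: one '<relative path> <sha256>' per line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, digest = line.rsplit(None, 1)
        entries[path] = digest
    return entries


def manifest_is_anchored(manifest_text: str, anchor_hex: str) -> bool:
    """Check the untrusted manifest against the anchor from trusted media."""
    return hmac.compare_digest(sha256_hex(manifest_text.encode()), anchor_hex)


def verify_be(be_root: str, manifest_text: str, anchor_hex: str) -> List[str]:
    """Return a list of problems; an empty list means the BE matches."""
    if not manifest_is_anchored(manifest_text, anchor_hex):
        # Never verify against data that fails the anchor check: a compromised
        # BE could rewrite /var/pkg to match its own modified files.
        return ["manifest: anchor mismatch, refusing to use /var/pkg data"]
    problems = []
    for rel, want in parse_manifest(manifest_text).items():
        full = os.path.join(be_root, rel)
        if not os.path.isfile(full):
            problems.append(f"{rel}: missing")
            continue
        if not hmac.compare_digest(sha256_file(full), want):
            problems.append(f"{rel}: hash mismatch")
    return problems


def demo() -> Dict[str, List[str]]:
    """Run the verifier over a constructed BE: clean, file trojaned, manifest forged."""
    with tempfile.TemporaryDirectory() as be:
        files = {  # constructed sample contents, not real system files
            "usr/bin/pkg": b"#!/usr/bin/python\nprint('pkg')\n",
            "etc/passwd": b"root:x:0:0:Super-User:/root:/usr/bin/bash\n",
        }
        for rel, content in files.items():
            full = os.path.join(be, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
        manifest = "".join(f"{rel} {sha256_hex(c)}\n" for rel, c in files.items())
        anchor = sha256_hex(manifest.encode())  # lives on the trusted media

        clean = verify_be(be, manifest, anchor)

        # Attacker trojans the pkg client inside the BE.
        trojan = b"#!/usr/bin/python\nprint('pkg')  # backdoor\n"
        with open(os.path.join(be, "usr/bin/pkg"), "wb") as f:
            f.write(trojan)
        tampered_file = verify_be(be, manifest, anchor)

        # Attacker also rewrites the manifest in /var/pkg to match the trojan.
        forged = manifest.replace(sha256_hex(files["usr/bin/pkg"]), sha256_hex(trojan))
        tampered_manifest = verify_be(be, forged, anchor)

    return {"clean": clean, "tampered_file": tampered_file,
            "tampered_manifest": tampered_manifest}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result or 'OK'}")
```

Note what the anchor does and does not buy: it lets the verifier safely consume manifest data from the untrusted BE, because any edit to that data is detected before a single file is hashed, but it does nothing for you if the verifier itself (or the anchor it reads) comes from the compromised system, which is exactly why it has to run from the trusted media.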