[Yum] Error updating RH8

seth vidal skvidal at phy.duke.edu
Mon Jan 20 03:59:41 UTC 2003


On Wed, 2003-01-15 at 14:10, R P Herrold wrote:
> On Wed, 15 Jan 2003, Michael A. Peterson wrote:
> 
> > May I suggest that yum checks that the downloaded header file is not just
> > a 404 error from the web server?  :)
> 
> Certainly -- lots of good coding practice options exist --
> also check that size is non-zero; and here, that the gzip CRC
> checksum is intact, and later, that the header has all four
> fields of another version.  We are spoiled by the robustness
> of the internet as a transport, when stuff mostly works.
> 

Rereading these messages I think I know what I'd like to do for this.

for headers:
 - check that they can be opened and read by rpm
 - make sure the name, arch match what they contain when you read that
data from the header

for header.info
 - see if it is non-zero in size
 - if so, read for useful content, if I can't parse line one then bail
on that repository (maybe exit entirely?)
   - if I can parse the line then continue
 - if it's zero in size, warn and continue w/the next repository.


> But there are evil people out there, and yum headers are not
> GPG signed -- It seems there are possibilities for exploits
> which could be forged and pushed out if a yum mirror were
> compromised, and cleverly written rogue content .hdr's were
> substituted; as was the case with the tcpdump, and sendmail
> mirrors in recent months ...  a good gzip checksum should be
> trivial to forge -- maybe more is needed to confirm the
> 'goodness' of a header still.  Food for thought.

rpm 4.2 can have signed headers - I've thought about this as one option.

However, what real security problem could occur with a forged header and
NOT a forged rpm? I tried to come up with a situation and the only thing
I could think of was maybe stopping a system from being upgraded, or
MAYBE causing yum to think something obsoleted something else - but even
so rpm wouldn't obsolete the pkg.

Can you come up with a theoretical case?

-sv
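The checks sketched in the message above, worked through in Python as an added example (this is not yum's code, and it was not written by anyone on the thread). Two things are assumed here: that header.info lines have the form `epoch:name-version-release.arch=path.rpm`, and that a `.hdr` file is a gzipped rpm header in rpm's on-disk layout (magic `8e ad e8 01`, four reserved bytes, index count, store length, 16-byte index entries, then the data store). The hand-rolled `parse_rpm_header` stands in for "can be opened and read by rpm"; a real implementation would hand the decompressed bytes to rpm's own header loader. `build_hdr` only constructs test data so the script runs offline.

```python
import gzip
import struct
import zlib

# Tag numbers and type code from rpm's header format (assumed from rpmtag.h).
RPM_HEADER_MAGIC = b"\x8e\xad\xe8\x01"
RPMTAG_NAME = 1000
RPMTAG_ARCH = 1022
RPM_STRING_TYPE = 6


class BadHeader(Exception):
    """Raised when a downloaded .hdr or header.info fails a check."""


def parse_rpm_header(raw):
    """Read an rpm header blob and return its STRING-typed tags as {tag: str}.
    Layout: 8-byte magic+reserved, index count, store length, index, store."""
    if len(raw) < 16 or raw[:4] != RPM_HEADER_MAGIC:
        raise BadHeader("rpm cannot read it: missing header magic")
    nindex, storelen = struct.unpack(">II", raw[8:16])
    store_start = 16 + 16 * nindex
    if len(raw) < store_start + storelen:
        raise BadHeader("rpm cannot read it: truncated header")
    store = raw[store_start:store_start + storelen]
    tags = {}
    for i in range(nindex):
        tag, typ, off, _count = struct.unpack(">IIII", raw[16 + 16 * i:32 + 16 * i])
        if typ == RPM_STRING_TYPE:
            end = store.find(b"\0", off)          # -1 if off is out of range too
            if end < 0:
                raise BadHeader("rpm cannot read it: unterminated string")
            tags[tag] = store[off:end].decode("utf-8", "replace")
    return tags


def validate_hdr(blob, expected_name, expected_arch):
    """Checks for a downloaded .hdr: non-zero size, really gzip (not a 404
    page), gzip CRC intact, readable as an rpm header, name/arch match."""
    if not blob:
        raise BadHeader("zero-length download")
    if blob[:2] != b"\x1f\x8b":
        raise BadHeader("not gzip data (likely an HTML error page)")
    try:
        raw = gzip.decompress(blob)               # raises on bad CRC or truncation
    except (OSError, EOFError, zlib.error) as exc:
        raise BadHeader(f"gzip integrity failure: {exc}")
    tags = parse_rpm_header(raw)
    got = (tags.get(RPMTAG_NAME), tags.get(RPMTAG_ARCH))
    if got != (expected_name, expected_arch):
        raise BadHeader(f"name/arch mismatch: header says {got}, "
                        f"expected {(expected_name, expected_arch)}")
    return tags


def parse_header_info(text):
    """Assumed line format: epoch:name-version-release.arch=path.rpm.
    Zero-length file: warn and skip the repository.  Unparseable line: bail."""
    if not text.strip():
        raise BadHeader("zero-length header.info: warn and skip repository")
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        lhs, eq, rpmpath = line.partition("=")
        epoch, colon, pkg = lhs.partition(":")
        nvr, dot, arch = pkg.rpartition(".")
        nv, dash1, rel = nvr.rpartition("-")
        name, dash2, ver = nv.rpartition("-")
        fields = (eq, colon, dot, dash1, dash2, name, ver, rel, arch, rpmpath)
        if not (all(fields) and epoch.isdigit() and rpmpath.endswith(".rpm")):
            raise BadHeader(f"header.info line {lineno} unparseable, "
                            f"bail on repository: {line!r}")
        entries.append({"epoch": int(epoch), "name": name, "version": ver,
                        "release": rel, "arch": arch, "rpm": rpmpath})
    return entries


def build_hdr(name, arch):
    """Construct a minimal gzipped rpm header carrying only NAME and ARCH.
    Test data for this example only, not a real package header."""
    index = store = b""
    for tag, value in ((RPMTAG_NAME, name), (RPMTAG_ARCH, arch)):
        index += struct.pack(">IIII", tag, RPM_STRING_TYPE, len(store), 1)
        store += value.encode() + b"\0"
    raw = RPM_HEADER_MAGIC + b"\0\0\0\0" + struct.pack(">II", 2, len(store))
    return gzip.compress(raw + index + store)


def problem(check, *args):
    """Run a check; return its error message, or None if the input passed."""
    try:
        check(*args)
        return None
    except BadHeader as exc:
        return str(exc)


if __name__ == "__main__":
    good = build_hdr("foo", "i386")
    corrupt = bytearray(good)
    corrupt[-8] ^= 0xFF                       # damage the gzip CRC32 trailer
    print(problem(validate_hdr, good, "foo", "i386"))                  # None
    print(problem(validate_hdr, b"<html>404 Not Found</html>", "foo", "i386"))
    print(problem(validate_hdr, bytes(corrupt), "foo", "i386"))
    print(problem(parse_header_info, "0:foo-1.0-1.i386=foo-1.0-1.i386.rpm\n"))
    print(problem(parse_header_info, "<html>404 Not Found</html>\n"))
```

Note that every one of these checks is an integrity check against accidents (a 404 page, a truncated transfer): an attacker who controls a mirror can regenerate the gzip CRC and a well-formed header with matching name and arch, so they do nothing for the forged-header case raised in the quoted text.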