[Yum] Security issues with include= implementation in yum.conf

Eric V. Smith eric at trueblade.com
Sat Oct 4 10:41:47 UTC 2003


> now fedora and freshrpms are trustworthy folks - but joeblow might not
> be or none of their security might be good enough and the default.repo
> for joeblows might normally be:

While fedora and freshrpms might be trustworthy, DNS is not.  This seems
like a pretty lucrative target for DNS cache poisoning or DNS spoofing
[1], which would allow anyone to take over any machine using this feature
and non-gpg signed rpms.

This would be a sufficiently scary feature that I'd recommend that no one
ever use it.  But that doesn't mean it shouldn't exist.  In an environment
where you can actually trust (1) the DNS servers, (2) the network between
you and the DNS servers and (3)the repo servers, you should be okay. 
Similarly, if DNSSec ever exists, or if you're using gpg, you should be
okay.  But there should be warnings all over the place not to use the
feature unless you understand the implications.

Eric.



[1] http://www.watchguard.com/glossary/d.asp






More information about the Yum mailing list