[Yum] Yum security issues
Rick Thomas
rbthomas55 at pobox.com
Sun Oct 5 03:48:48 UTC 2003
Jim Perrin wrote:
> but what exactly are the goals going to be?
>

Well, here's one security goal I would like to see addressed:

I'd like to protect only those parts of the yum.conf file that
genuinely need protection. Currently, if you use a repository that
requires passwords in the URLs, you have to make your entire
yum.conf file readable only by root.

I'd like to have yum.conf be world readable -- so that users can
know where the software they run is coming from, but be able to
include a small file (readable only by root) that sets some
variables for use as repository passwords.

I realize that there's more to this than just an include feature.
There has to be some way in parsing the config file to set
variables for later use. Right now (as I read the documentation --
I haven't looked at the source code) it is possible to *use* some
particular named variables (such as $arch, $releasever, etc) with
values extracted from the runtime environment, but not possible to
*set* variables in the config file, and no provision for arbitrary
variable names at all.

Still, this should not be too hard to accomplish, given that there
is code to recognize particular variable use already.

What do you think?

Rick
PS -- Obviously, a generalized variables feature has other uses
than just passwords. It's just that I have a need to use it for
passwords.
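
The arrangement proposed in this message, sketched as an added example that is not part of the original post and is not yum's own code: variables are read from a separate file that is accepted only if it is a regular file owned by the expected uid with no group or other permission bits, then substituted into a repository URL taken from a world-readable config. The names `load_private_vars`, `expand`, `repo_pass`, `yum-private.conf` and the URL are hypothetical.

```python
import os
import re
import stat

VAR_RE = re.compile(r"\$(\w+)")


def load_private_vars(path, owner_uid=0):
    """Parse name=value lines from a file that only its owner can access."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        # fstat the open descriptor so the checks apply to the file being read
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != owner_uid:
            raise PermissionError(f"{path}: not owned by uid {owner_uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: accessible by group or others")
        variables = {}
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition("=")
            if not sep or not re.fullmatch(r"\w+", name.strip()):
                raise ValueError(f"{path}: malformed line")  # never echo the line
            variables[name.strip()] = value.strip()
        return variables


def expand(text, variables):
    """Replace $name with its value; unknown names are left untouched."""
    return VAR_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), text)


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a world-readable repo line plus a private variables file.
    baseurl = "https://mirror:$repo_pass@repo.example.com/$releasever/$arch/"
    with tempfile.TemporaryDirectory() as d:
        secrets = os.path.join(d, "yum-private.conf")  # hypothetical file name
        with open(secrets, "w") as fh:
            fh.write("# constructed value\nrepo_pass=s3cret\n")
        os.chmod(secrets, 0o600)
        # owner_uid is the current user here so the demo runs without root
        private = load_private_vars(secrets, owner_uid=os.getuid())
        print(expand(baseurl, {"releasever": "9", "arch": "i386", **private}))
```

The default `owner_uid=0` corresponds to the root-only file the message asks for; a file that fails any of the three checks is rejected before its contents are parsed.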