[maemo-users] 'Locking down' software installation
From: Acadia Secure Networks acadiasecurenets at aol.com
Date: Thu Feb 15 16:34:52 EET 2007
- Previous message: [maemo-users] 'Locking down' software installation
- Next message: [maemo-users] 'Locking down' software installation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
All,
there is a company, rpath, that is providing some if not all of what is
needed for management of the OS codebase. Here is the url to a press
release for their product:
http://www.rpath.com/corp/news-and-events/rpath-continues-momentum-with-addition-of-9.1m-in-fu-5.html
Maybe Nokia is using such a tool internally but if not, it appears to be
worth considering.
Best Regards,
John Holmblad
linwoes at gmail.com wrote:
>> As for the concrete plan:
>>
>> There is going to be a 'meta' package that represents the whole
>> operating system. Updates to the OS are done by updating this meta
>> package in the Application Manager. The meta package will have
>> dependencies on all packages with their exact versions that make up
>> the official OS releases. The Application Manager will not allow the
>> removal of the meta package.
>>
> I have found through experience this is a very powerful way to use standard
> distribution tools and still hold control. I've implemented a mechanism like
> this and it works well. We made it such that (and from the sounds of it this
> will be the same) a developer could remove the meta lock package and wreak
> havoc on the system. This was a good thing. Hardcore devels could do bad
> things, but they will always do bad things. This gave them the last hurdle to
> say, you are now out of control. It also means that support can easily tell
> when a user has willfully removed the meta lock and thus absolve themselves
> of some level of support.
>
>> This means that the Application Manager will not allow you to update
>> individual OS packages (or to install third party applications that
>> require this), since you would have to remove the meta package for
>> that. It is still possible to install additional 'system' packages,
>> just not to upgrade already installed ones.
>>
>> A second new feature is that the Application Manager will distinguish
>> between "trusted sources" and "non-trusted sources" (based on the key
>> used to sign the corresponding repository). A package that has
>> originally been installed from a trusted source will only be allowed
>> to be updated (or replaced) from a trusted source. The flash image is
>> also treated as a trusted source, so you will only be able to update
>> packages that are pre-installed in the device from trusted sources.
>>
>> This makes it easier for the user to be sure that he doesn't pick up
>> unwanted system software updates by accident.
>>
>> The set of trusted sources will be under control of a power-user: you
>> can just add some GPG keys to the right place, but there is no UI to
>> do it. You can also switch the whole lock-down machinery off by going
>> to red-pill mode.
>>
>> So whaddaya think? Useful? Too painful? Too difficult to escape
>> from?
>>
> Personally I think the one or two one-time extra steps will not be a burden
> for hackers and yet provide some safety to users. Overall I think it solves
> much of the 'rogue' package concerns.
>
> As you said it does not solve all the problems. No single solution will
> solve everything, but this is a strong first step.
>
> Thanks
> Brian
>
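The two rules discussed in the thread (a non-removable meta package that pins exact OS package versions, and "trusted source" tracking keyed on the repository signing key, with red-pill mode switching both off) can be modelled as a small policy check. The following is an added example written for this archive page; it is not the Application Manager's code, and the package names, the meta package name `osso-meta`, the key identifiers and the `flash-image` pseudo-key are all constructed placeholders. It also shows the support-side check Brian mentions: detecting that the meta lock was removed or that a pinned package is no longer at its pinned version.

```python
"""Model of the meta-package lock and trusted-source rules from the thread.

Added example; not the maemo Application Manager's implementation.
All names, versions and key ids below are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

META = "osso-meta"        # hypothetical name of the OS meta package
FLASH = "flash-image"     # pseudo-key: package was pre-installed from the flash image


@dataclass
class Package:
    name: str
    version: str
    source_key: str       # signing key of the repository it came from, or FLASH


@dataclass
class Repository:
    name: str
    signing_key: str
    packages: Dict[str, str]   # package name -> version offered


@dataclass
class Device:
    installed: Dict[str, Package]
    meta_deps: Dict[str, str]  # exact versions the meta package depends on
    trusted_keys: Set[str]     # GPG key ids the power-user dropped in place
    red_pill: bool = False     # red-pill mode disables the whole lock-down

    def is_trusted(self, key: str) -> bool:
        # The flash image counts as a trusted source, as the thread states.
        return key == FLASH or key in self.trusted_keys

    def meta_intact(self) -> bool:
        # Meta package present and every pinned dependency at its exact version.
        if META not in self.installed:
            return False
        return all(n in self.installed and self.installed[n].version == v
                   for n, v in self.meta_deps.items())


def check_remove(dev: Device, name: str) -> Tuple[bool, str]:
    """The Application Manager refuses to remove the meta package."""
    if name == META and not dev.red_pill:
        return False, "meta package cannot be removed from the Application Manager"
    return True, "ok"


def check_install(dev: Device, repo: Repository, name: str) -> Tuple[bool, str]:
    """Decide whether installing/upgrading `name` from `repo` is allowed."""
    if name not in repo.packages:
        return False, f"{repo.name} does not offer {name}"
    if dev.red_pill:
        return True, "red-pill mode: lock-down disabled"
    new_version = repo.packages[name]
    current = dev.installed.get(name)
    if current is None:
        # Additional 'system' packages may still be installed.
        return True, "new package, not pinned by the meta package"
    # Trusted-source rule: a package from a trusted source is only replaced
    # from a trusted source.
    if dev.is_trusted(current.source_key) and not dev.is_trusted(repo.signing_key):
        return False, f"{name} came from a trusted source; {repo.name} is not trusted"
    # Meta rule: a pinned OS package cannot move off its pinned version while
    # the meta package is installed, whatever the source.
    if META in dev.installed and name in dev.meta_deps and new_version != dev.meta_deps[name]:
        return False, f"{name} {new_version} conflicts with meta pin {dev.meta_deps[name]}"
    return True, "ok"


def apply_install(dev: Device, repo: Repository, name: str) -> Tuple[bool, str]:
    ok, reason = check_install(dev, repo, name)
    if ok:
        dev.installed[name] = Package(name, repo.packages[name], repo.signing_key)
    return ok, reason


def support_status(dev: Device) -> str:
    """What support sees: was the lock willfully removed or bypassed?"""
    if dev.meta_intact():
        return "supported: meta lock intact"
    if META not in dev.installed:
        return "unsupported: meta lock removed"
    return "unsupported: pinned OS package at unexpected version"


# Constructed sample data (placeholders, not real maemo key ids or versions).
TRUSTED_KEY = "0xTRUSTED-PLACEHOLDER"
THIRD_PARTY_KEY = "0xTHIRDPARTY-PLACEHOLDER"
OFFICIAL = Repository("official-updates", TRUSTED_KEY,
                      {"libosso": "1.1", "mediaplayer": "0.9"})
COMMUNITY = Repository("community", THIRD_PARTY_KEY,
                       {"libosso": "1.1", "xterm": "0.5"})


def sample_device() -> Device:
    deps = {"libosso": "1.0", "hildon-base": "2.3"}
    installed = {n: Package(n, v, FLASH) for n, v in deps.items()}
    installed[META] = Package(META, "2007.1", FLASH)
    return Device(installed, deps, {TRUSTED_KEY})


if __name__ == "__main__":
    dev = sample_device()
    for repo, pkg in [(COMMUNITY, "libosso"), (OFFICIAL, "libosso"),
                      (COMMUNITY, "xterm"), (OFFICIAL, "mediaplayer")]:
        print(repo.name, pkg, apply_install(dev, repo, pkg))
    print(check_remove(dev, META), support_status(dev))
```

Running the block shows the untrusted community repository being refused an upgrade of a flash-installed package, the trusted official repository still being refused a lone `libosso` bump because of the meta pin (OS updates arrive by updating the meta package itself), and plain new packages from either source going through. Flipping `red_pill` lets everything through, after which `support_status` reports the device as out of its supported configuration.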