| 1 | GLEP: 14 |
1 | GLEP: 14 |
| 2 | Title: security updates based on GLSA |
2 | Title: security updates based on GLSA |
| 3 | Version: $Revision: 1.2 $ |
3 | Version: $Revision: 1.4 $ |
| 4 | Last-Modified: $Date: 2003/08/22 15:11:16 $ |
4 | Last-Modified: $Date: 2003/11/10 19:21:57 $ |
| 5 | Author: Marius Mauch <genone@genone.de>, |
5 | Author: Marius Mauch <genone@genone.de>, |
| 6 | Status: Draft |
6 | Status: Accepted |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Created: 18 Aug 2003 |
9 | Created: 18 Aug 2003 |
| 10 | Post-History: 22-Aug-2003 |
10 | Post-History: 22-Aug-2003, 24-Aug-2003, 10-Nov-2003 |
| 11 | |
11 | |
| 12 | |
12 | |
| 13 | Abstract |
13 | Abstract |
| 14 | ======== |
14 | ======== |
| 15 | |
15 | |
| … | |
… | |
| 31 | =============== |
31 | =============== |
| 32 | |
32 | |
| 33 | Update tool |
33 | Update tool |
| 34 | ----------- |
34 | ----------- |
| 35 | |
35 | |
| 36 | The coding part of this GLEP is a update tool that reads a GLSA, checks if |
36 | The coding part of this GLEP is a update tool that reads a GLSA, verifies its |
| 37 | the system is affected by it and executes one of the following actions, depending |
37 | GPG signature, checks if the system is affected by it and executes one of the |
| 38 | on user preferences: |
38 | following actions, depending on user preferences: |
| 39 | |
39 | |
| 40 | - run all steps necessary to fix the security hole, including package updates and |
40 | - run all steps necessary to fix the security hole, including package updates and |
| 41 | daemon restarts. |
41 | daemon restarts. |
| 42 | - instruct the user how to fix the security hole. |
42 | - instruct the user how to fix the security hole. |
| 43 | - print the GLSA so the user can get more information if desired. |
43 | - print the GLSA so the user can get more information if desired. |
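Review bot: the rewritten sentence at new lines 36-38 adds "verifies its GPG signature" to the tool's steps but does not say what the tool does when verification fails or when a GLSA carries no signature. The first action in the list runs package updates and daemon restarts automatically, so the text should state that at least this action is refused for a GLSA whose signature does not verify. Minor: "a update tool" should read "an update tool".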
| … | |
… | |
| 50 | ----------- |
50 | ----------- |
| 51 | |
51 | |
| 52 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
52 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
| 53 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
53 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
| 54 | has to be compatible with the update tool of course. If necessary a converter |
54 | has to be compatible with the update tool of course. If necessary a converter |
| 55 | tool or an editor could be written for people not comfortable with XML. |
55 | tool or an editor could be written for people not comfortable with XML (update: |
|
|
56 | a QT based editor for the GLSA format written by plasmaroo exists in the |
|
|
57 | gentoo-projects repository). Every GLSA has to be GPG signed by the responsible |
|
|
58 | developer, who has to be a member of the security herd. |
| 56 | |
59 | |
| 57 | |
60 | |
| 58 | GLSA release process |
61 | GLSA release process |
| 59 | -------------------- |
62 | -------------------- |
| 60 | |
63 | |
| 61 | Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
64 | Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
| 62 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
65 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
| 63 | be used to release a GLSA that will: |
66 | be used to release a GLSA that will: |
| 64 | |
67 | |
| 65 | - check the GLSA for correctness |
68 | - check the GLSA for correctness |
|
|
69 | - sign the GLSA with the developers GPG key |
| 66 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
70 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
| 67 | - upload it to www.gentoo.org/glsa (or wherever they should be uploaded) |
71 | - upload it to www.gentoo.org/security/en/glsa (via cvs commit) |
| 68 | - put it on the rsync server |
72 | - put it on the rsync server (via cvs commit) |
| 69 | - notify the moderators on the forums to make an announcement |
73 | - notify the moderators on the forums to make an announcement |
| 70 | |
74 | |
| 71 | |
75 | |
| 72 | Portage changes |
76 | Portage changes |
| 73 | --------------- |
77 | --------------- |
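Review bot: the requirement added at new lines 57-58, that the signer "has to be a member of the security herd", has no counterpart in the release script list, where the new step at line 69 only says to sign with the developer's key. Suggest stating how herd membership of the signing key is established and checked. The text should also say whether the signature covers only the XML GLSA or also the plaintext version attached to the mail in the step at line 70. Minor: "the developers GPG key" needs an apostrophe ("developer's").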
| … | |
… | |
| 96 | Putting the GLSAs in the portage tree allows all users to check their systems |
100 | Putting the GLSAs in the portage tree allows all users to check their systems |
| 97 | for security updates without taking more actions and simplifies later integration |
101 | for security updates without taking more actions and simplifies later integration |
| 98 | of the update tool into portage. For security minded persons the GLSAs are |
102 | of the update tool into portage. For security minded persons the GLSAs are |
| 99 | available on a HTTP server to ease the load of the rsync servers. |
103 | available on a HTTP server to ease the load of the rsync servers. |
| 100 | |
104 | |
|
|
105 | To verify the signatures of the GLSAs the public keys of the developers should be |
|
|
106 | available in the portage tree and on the HTTP server. The verification is necessary |
|
|
107 | to prevent exploits by fake GLSAs. |
|
|
108 | |
| 101 | |
109 | |
| 102 | Implementation |
110 | Implementation |
| 103 | ============== |
111 | ============== |
| 104 | |
112 | |
| 105 | A prototype implementation (including the update tool, a DTD and a sample |
113 | A prototype implementation (including the update tool, a DTD and a sample |
| 106 | XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ . This GLEP is based |
114 | XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ and in the |
|
|
115 | gentoo-projects/gentoo-security/GLSA repository. This GLEP is based |
| 107 | on that implementation, though it can be changed or rewritten if necessary. |
116 | on that implementation, though it can be changed or rewritten if necessary. |
| 108 | According to portage developers there is also already some support for this in |
|
|
| 109 | portage. |
|
|
| 110 | |
117 | |
| 111 | |
118 | |
| 112 | Backwards compatibility |
119 | Backwards compatibility |
| 113 | ======================= |
120 | ======================= |
| 114 | |
121 | |
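Review bot: the new paragraph at lines 105-107 makes the developers' public keys available through the portage tree and the HTTP server, the same channels that carry the GLSAs, so a fake GLSA delivered over those channels could arrive together with a matching fake key. The paragraph should say how the update tool decides that a key is trusted, not only where keys can be fetched, and tie this to the requirement elsewhere in the GLEP that the signer is a member of the security herd. Separately, the sentence about existing portage support (old lines 108-109) is removed without replacement; if that support still exists, a short note under "Portage changes" would keep it on record.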