| 1 | GLEP: 14 |
1 | GLEP: 14 |
| 2 | Title: security updates based on GLSA |
2 | Title: security updates based on GLSA |
| 3 | Version: $Revision: 1.2 $ |
3 | Version: $Revision: 1.5 $ |
| 4 | Last-Modified: $Date: 2003/08/22 15:11:16 $ |
4 | Last-Modified: $Date: 2004/10/26 00:21:28 $ |
| 5 | Author: Marius Mauch <genone@genone.de>, |
5 | Author: Marius Mauch <genone@genone.de>, |
| 6 | Status: Draft |
6 | Status: Accepted |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Created: 18 Aug 2003 |
9 | Created: 18 Aug 2003 |
| 10 | Post-History: 22-Aug-2003 |
10 | Post-History: 22-Aug-2003, 24-Aug-2003, 10-Nov-2003, 25-Oct-2004 |
| 11 | |
11 | |
| 12 | |
12 | |
| 13 | Abstract |
13 | Abstract |
| 14 | ======== |
14 | ======== |
| 15 | |
15 | |
| 16 | There is currently no automatic way to check a Gentoo system for identified |
16 | There is currently no automatic way to check a Gentoo system for identified |
| 17 | security holes or auto-apply security fixes. This GLEP proposes a way to deal |
17 | security holes or auto-apply security fixes. This GLEP proposes a way to deal |
| 18 | with this issue |
18 | with this issue |
|
|
19 | |
|
|
20 | Status Update |
|
|
21 | ============= |
|
|
22 | |
|
|
23 | Beta implementation in gentoolkit. |
| 19 | |
24 | |
| 20 | |
25 | |
| 21 | Motivation |
26 | Motivation |
| 22 | ========== |
27 | ========== |
| 23 | |
28 | |
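Review bot: The new "Status Update" section (new lines 20-23) is a single fragment, "Beta implementation in gentoolkit.", and does not say which parts of the specification the beta covers. Since the header moves from Draft to Accepted in the same revision, name the tool and state whether the GPG signature verification introduced elsewhere in this revision is already implemented or still pending.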
| … | |
… | |
| 31 | =============== |
36 | =============== |
| 32 | |
37 | |
| 33 | Update tool |
38 | Update tool |
| 34 | ----------- |
39 | ----------- |
| 35 | |
40 | |
| 36 | The coding part of this GLEP is a update tool that reads a GLSA, checks if |
41 | The coding part of this GLEP is a update tool that reads a GLSA, verifies its |
| 37 | the system is affected by it and executes one of the following actions, depending |
42 | GPG signature, checks if the system is affected by it and executes one of the |
| 38 | on user preferences: |
43 | following actions, depending on user preferences: |
| 39 | |
44 | |
| 40 | - run all steps necessary to fix the security hole, including package updates and |
45 | - run all steps necessary to fix the security hole, including package updates and |
| 41 | daemon restarts. |
46 | daemon restarts. |
| 42 | - instruct the user how to fix the security hole. |
47 | - instruct the user how to fix the security hole. |
| 43 | - print the GLSA so the user can get more information if desired. |
48 | - print the GLSA so the user can get more information if desired. |
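Review bot: The rewritten paragraph at new lines 41-43 adds "verifies its GPG signature" as a step but never says what the tool does when verification fails or the GLSA is unsigned. State explicitly that none of the listed actions, in particular the first one (package updates and daemon restarts), is executed for a GLSA whose signature is missing, invalid or made by an unknown key, and whether a user preference may override that. The carried-over "a update tool" should also read "an update tool".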
| … | |
… | |
| 50 | ----------- |
55 | ----------- |
| 51 | |
56 | |
| 52 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
57 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
| 53 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
58 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
| 54 | has to be compatible with the update tool of course. If necessary a converter |
59 | has to be compatible with the update tool of course. If necessary a converter |
| 55 | tool or an editor could be written for people not comfortable with XML. |
60 | tool or an editor could be written for people not comfortable with XML (update: |
|
|
61 | a QT based editor for the GLSA format written by plasmaroo exists in the |
|
|
62 | gentoo-projects repository). Every GLSA has to be GPG signed by the responsible |
|
|
63 | developer, who has to be a member of the security herd. |
| 56 | |
64 | |
| 57 | |
65 | |
| 58 | GLSA release process |
66 | GLSA release process |
| 59 | -------------------- |
67 | -------------------- |
| 60 | |
68 | |
| 61 | Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
69 | Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
| 62 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
70 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
| 63 | be used to release a GLSA that will: |
71 | be used to release a GLSA that will: |
| 64 | |
72 | |
| 65 | - check the GLSA for correctness |
73 | - check the GLSA for correctness |
|
|
74 | - sign the GLSA with the developers GPG key |
| 66 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
75 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
| 67 | - upload it to www.gentoo.org/glsa (or wherever they should be uploaded) |
76 | - upload it to www.gentoo.org/security/en/glsa (via cvs commit) |
| 68 | - put it on the rsync server |
77 | - put it on the rsync server (via cvs commit) |
| 69 | - notify the moderators on the forums to make an announcement |
78 | - notify the moderators on the forums to make an announcement |
| 70 | |
79 | |
| 71 | |
80 | |
| 72 | Portage changes |
81 | Portage changes |
| 73 | --------------- |
82 | --------------- |
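Review bot: The requirement added at new lines 62-63 that the signer "has to be a member of the security herd" has no matching check defined: a valid signature from any developer key would satisfy "GPG signed" as written. Specify how the update tool learns which keys are authorised for GLSAs, for example a maintained list of security herd key fingerprints. In the release list, the new step at line 74 should say whether the signature is detached or inline and whether the plaintext attachment sent to gentoo-announce is signed as well; "developers GPG key" also needs an apostrophe ("developer's").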
| … | |
… | |
| 96 | Putting the GLSAs in the portage tree allows all users to check their systems |
105 | Putting the GLSAs in the portage tree allows all users to check their systems |
| 97 | for security updates without taking more actions and simplifies later integration |
106 | for security updates without taking more actions and simplifies later integration |
| 98 | of the update tool into portage. For security minded persons the GLSAs are |
107 | of the update tool into portage. For security minded persons the GLSAs are |
| 99 | available on a HTTP server to ease the load of the rsync servers. |
108 | available on a HTTP server to ease the load of the rsync servers. |
| 100 | |
109 | |
|
|
110 | To verify the signatures of the GLSAs the public keys of the developers should be |
|
|
111 | available in the portage tree and on the HTTP server. The verification is necessary |
|
|
112 | to prevent exploits by fake GLSAs. |
|
|
113 | |
| 101 | |
114 | |
| 102 | Implementation |
115 | Implementation |
| 103 | ============== |
116 | ============== |
| 104 | |
117 | |
| 105 | A prototype implementation (including the update tool, a DTD and a sample |
118 | A prototype implementation (including the update tool, a DTD and a sample |
| 106 | XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ . This GLEP is based |
119 | XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ and in the |
|
|
120 | gentoo-projects/gentoo-security/GLSA repository. This GLEP is based |
| 107 | on that implementation, though it can be changed or rewritten if necessary. |
121 | on that implementation, though it can be changed or rewritten if necessary. |
| 108 | According to portage developers there is also already some support for this in |
|
|
| 109 | portage. |
|
|
| 110 | |
122 | |
| 111 | |
123 | |
| 112 | Backwards compatibility |
124 | Backwards compatibility |
| 113 | ======================= |
125 | ======================= |
| 114 | |
126 | |
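Review bot: The paragraph added at new lines 110-112 distributes the developers' public keys through the portage tree and the HTTP server, the same channels that carry the GLSAs, so anyone able to place a fake GLSA there could place a matching key beside it and the check would still pass. To meet the stated goal of preventing "exploits by fake GLSAs", describe how users establish trust in the keys independently of those channels (for instance fingerprints published elsewhere or a signature chain to a key the user already trusts) and how a key is revoked or removed when a developer leaves the security herd.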