| 1 | GLEP: 14 |
1 | GLEP: 14 |
| 2 | Title: security updates based on GLSA |
2 | Title: security updates based on GLSA |
| 3 | Version: $Revision: 1.2 $ |
3 | Version: $Revision: 1.3 $ |
| 4 | Last-Modified: $Date: 2003/08/22 15:11:16 $ |
4 | Last-Modified: $Date: 2003/08/24 22:11:46 $ |
| 5 | Author: Marius Mauch <genone@genone.de>, |
5 | Author: Marius Mauch <genone@genone.de>, |
| 6 | Status: Draft |
6 | Status: Draft |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Created: 18 Aug 2003 |
9 | Created: 18 Aug 2003 |
| 10 | Post-History: 22-Aug-2003 |
10 | Post-History: 22-Aug-2003, 24-Aug-2003 |
| 11 | |
11 | |
| 12 | |
12 | |
| 13 | Abstract |
13 | Abstract |
| 14 | ======== |
14 | ======== |
| 15 | |
15 | |
| … | |
… | |
| 31 | =============== |
31 | =============== |
| 32 | |
32 | |
| 33 | Update tool |
33 | Update tool |
| 34 | ----------- |
34 | ----------- |
| 35 | |
35 | |
| 36 | The coding part of this GLEP is a update tool that reads a GLSA, checks if |
36 | The coding part of this GLEP is a update tool that reads a GLSA, verifies its |
| 37 | the system is affected by it and executes one of the following actions, depending |
37 | GPG signature, checks if the system is affected by it and executes one of the |
| 38 | on user preferences: |
38 | following actions, depending on user preferences: |
| 39 | |
39 | |
| 40 | - run all steps necessary to fix the security hole, including package updates and |
40 | - run all steps necessary to fix the security hole, including package updates and |
| 41 | daemon restarts. |
41 | daemon restarts. |
| 42 | - instruct the user how to fix the security hole. |
42 | - instruct the user how to fix the security hole. |
| 43 | - print the GLSA so the user can get more information if desired. |
43 | - print the GLSA so the user can get more information if desired. |
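Review bot: new lines 36-38 add the signature check but do not say what the tool does when the signature is missing or does not verify, so the text leaves open whether the listed actions, including the automatic fix with package updates and daemon restarts, still run. Suggest stating that the tool stops with an error in that case, before the "checks if the system is affected" step and before any action is taken. Minor wording: "a update tool" should read "an update tool".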
| … | |
… | |
| 51 | |
51 | |
| 52 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
52 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
| 53 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
53 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
| 54 | has to be compatible with the update tool of course. If necessary a converter |
54 | has to be compatible with the update tool of course. If necessary a converter |
| 55 | tool or an editor could be written for people not comfortable with XML. |
55 | tool or an editor could be written for people not comfortable with XML. |
|
|
56 | Every GLSA has to be GPG signed by the responsible developer, who has to be |
|
|
57 | a member of the security herd. |
| 56 | |
58 | |
| 57 | |
59 | |
| 58 | GLSA release process |
60 | GLSA release process |
| 59 | -------------------- |
61 | -------------------- |
| 60 | |
62 | |
| 61 | Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
63 | Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
| 62 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
64 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
| 63 | be used to release a GLSA that will: |
65 | be used to release a GLSA that will: |
| 64 | |
66 | |
| 65 | - check the GLSA for correctness |
67 | - check the GLSA for correctness |
|
|
68 | - sign the GLSA with the developers GPG key |
| 66 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
69 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
| 67 | - upload it to www.gentoo.org/glsa (or wherever they should be uploaded) |
70 | - upload it to www.gentoo.org/glsa (or wherever they should be uploaded) |
| 68 | - put it on the rsync server |
71 | - put it on the rsync server |
| 69 | - notify the moderators on the forums to make an announcement |
72 | - notify the moderators on the forums to make an announcement |
| 70 | |
73 | |
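Review bot: new lines 56-57 require the signer to be "a member of the security herd", but the text gives the update tool no way to tell a security herd key from any other developer key, so a valid signature alone could be taken as sufficient. Suggest naming where the list of authorized signing keys is kept and who maintains it. In the release list, new line 68 should read "the developer's GPG key", and since line 69 mails both the XML GLSA and a plaintext version, it should say whether the signature covers the plaintext attachment as well.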
| … | |
… | |
| 96 | Putting the GLSAs in the portage tree allows all users to check their systems |
99 | Putting the GLSAs in the portage tree allows all users to check their systems |
| 97 | for security updates without taking more actions and simplifies later integration |
100 | for security updates without taking more actions and simplifies later integration |
| 98 | of the update tool into portage. For security minded persons the GLSAs are |
101 | of the update tool into portage. For security minded persons the GLSAs are |
| 99 | available on a HTTP server to ease the load of the rsync servers. |
102 | available on a HTTP server to ease the load of the rsync servers. |
| 100 | |
103 | |
|
|
104 | To verify the signatures of the GLSAs the public keys of the developers should be |
|
|
105 | available in the portage tree and on the HTTP server. The verification is necessary |
|
|
106 | to prevent exploits by fake GLSAs. |
|
|
107 | |
| 101 | |
108 | |
| 102 | Implementation |
109 | Implementation |
| 103 | ============== |
110 | ============== |
| 104 | |
111 | |
| 105 | A prototype implementation (including the update tool, a DTD and a sample |
112 | A prototype implementation (including the update tool, a DTD and a sample |
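Review bot: new lines 104-106 place the developers' public keys "in the portage tree and on the HTTP server", which are the same channels the GLSAs themselves travel over, so whoever can plant a fake GLSA there could also swap the keys and the check would not prevent it. Suggest adding how the keys themselves are authenticated, for example fingerprints published through a separate channel or the developer keys being signed by a key the user already trusts.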