Contents of /xml/htdocs/proj/en/glep/glep-0014.html

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.8 - (hide annotations) (download) (as text)
Sun Oct 14 17:00:15 2007 UTC (11 years, 3 months ago) by antarus
Branch: MAIN
Changes since 1.7: +6 -253 lines
File MIME type: text/html
the canary on 53 went well, changing the rest

1 g2boojum 1.1 <?xml version="1.0" encoding="utf-8" ?>
2     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 antarus 1.8
5 g2boojum 1.1 <head>
6     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7 g2boojum 1.5 <meta name="generator" content="Docutils 0.4: http://docutils.sourceforge.net/" />
8 g2boojum 1.1 <title>GLEP 14 -- security updates based on GLSA</title>
9 antarus 1.8 <link rel="stylesheet" href="tools/glep.css" type="text/css" />
10 g2boojum 1.1 </head>
11     <body bgcolor="white">
12     <table class="navigation" cellpadding="0" cellspacing="0"
13     width="100%" border="0">
14     <tr><td class="navicon" width="150" height="35">
15     <a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
16     <img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
17     border="0" width="150" height="35" /></a></td>
18     <td class="textlinks" align="left">
19     [<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
20 antarus 1.8 [<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>]
21 g2boojum 1.5 [<b><a href="http://www.gentoo.org/proj/en/glep/glep-0014.txt">GLEP Source</a></b>]
22 g2boojum 1.1 </td></tr></table>
23 g2boojum 1.5 <table class="rfc2822 docutils field-list" frame="void" rules="none">
24 g2boojum 1.1 <col class="field-name" />
25     <col class="field-body" />
26     <tbody valign="top">
27     <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">14</td>
28     </tr>
29     <tr class="field"><th class="field-name">Title:</th><td class="field-body">security updates based on GLSA</td>
30     </tr>
31 antarus 1.8 <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.6</td>
32 g2boojum 1.1 </tr>
33 antarus 1.8 <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0014.txt?cvsroot=gentoo">2006/10/14 02:54:24</a></td>
34 g2boojum 1.1 </tr>
35     <tr class="field"><th class="field-name">Author:</th><td class="field-body">Marius Mauch &lt;genone&#32;&#97;t&#32;genone.de&gt;,</td>
36     </tr>
37 g2boojum 1.3 <tr class="field"><th class="field-name">Status:</th><td class="field-body">Accepted</td>
38 g2boojum 1.1 </tr>
39     <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
40     </tr>
41 g2boojum 1.5 <tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
42 g2boojum 1.1 </tr>
43     <tr class="field"><th class="field-name">Created:</th><td class="field-body">18 Aug 2003</td>
44     </tr>
45 g2boojum 1.4 <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">22-Aug-2003, 24-Aug-2003, 10-Nov-2003, 25-Oct-2004</td>
46 g2boojum 1.1 </tr>
47 genone 1.6 <tr class="field"><th class="field-name">Requires:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/proj/en/glepglep-0021.html">21</a></td>
48     </tr>
49 g2boojum 1.1 </tbody>
50     </table>
51     <hr />
52 g2boojum 1.5 <div class="contents topic">
53     <p class="topic-title first"><a id="contents" name="contents">Contents</a></p>
54 g2boojum 1.1 <ul class="simple">
55     <li><a class="reference" href="#abstract" id="id2" name="id2">Abstract</a></li>
56 g2boojum 1.4 <li><a class="reference" href="#status-update" id="id3" name="id3">Status Update</a></li>
57     <li><a class="reference" href="#motivation" id="id4" name="id4">Motivation</a></li>
58     <li><a class="reference" href="#proposed-change" id="id5" name="id5">Proposed change</a><ul>
59     <li><a class="reference" href="#update-tool" id="id6" name="id6">Update tool</a></li>
60     <li><a class="reference" href="#glsa-format" id="id7" name="id7">GLSA format</a></li>
61     <li><a class="reference" href="#glsa-release-process" id="id8" name="id8">GLSA release process</a></li>
62     <li><a class="reference" href="#portage-changes" id="id9" name="id9">Portage changes</a></li>
63 g2boojum 1.1 </ul>
64     </li>
65 g2boojum 1.4 <li><a class="reference" href="#rationale" id="id10" name="id10">Rationale</a></li>
66     <li><a class="reference" href="#implementation" id="id11" name="id11">Implementation</a></li>
67     <li><a class="reference" href="#backwards-compatibility" id="id12" name="id12">Backwards compatibility</a></li>
68     <li><a class="reference" href="#copyright" id="id13" name="id13">Copyright</a></li>
69 g2boojum 1.1 </ul>
70     </div>
71 g2boojum 1.5 <div class="section">
72     <h1><a class="toc-backref" href="#id2" id="abstract" name="abstract">Abstract</a></h1>
73 g2boojum 1.1 <p>There is currently no automatic way to check a Gentoo system for identified
74     security holes or auto-apply security fixes. This GLEP proposes a way to deal
75     with this issue</p>
76     </div>
77 g2boojum 1.5 <div class="section">
78     <h1><a class="toc-backref" href="#id3" id="status-update" name="status-update">Status Update</a></h1>
79 genone 1.6 <p>Preliminary implementation <tt class="docutils literal"><span class="pre">glsa-check</span></tt> in gentoolkit, final implementation
80     pending set support in portage (GLEP 21).</p>
81 g2boojum 1.4 </div>
82 g2boojum 1.5 <div class="section">
83     <h1><a class="toc-backref" href="#id4" id="motivation" name="motivation">Motivation</a></h1>
84 g2boojum 1.1 <p>Automatic checking for security updates is a often requested feature for Gentoo.
85     Implementing it will enable users to fix security holes without reading every
86     security announcement. It's also a feature that is often required in enterprise
87     environments.</p>
88     </div>
89 g2boojum 1.5 <div class="section">
90     <h1><a class="toc-backref" href="#id5" id="proposed-change" name="proposed-change">Proposed change</a></h1>
91     <div class="section">
92     <h2><a class="toc-backref" href="#id6" id="update-tool" name="update-tool">Update tool</a></h2>
93 g2boojum 1.2 <p>The coding part of this GLEP is a update tool that reads a GLSA, verifies its
94 g2boojum 1.5 GPG signature, checks if the system is affected by it and executes one of the
95 g2boojum 1.2 following actions, depending on user preferences:</p>
96 g2boojum 1.1 <ul class="simple">
97     <li>run all steps necessary to fix the security hole, including package updates and
98     daemon restarts.</li>
99     <li>instruct the user how to fix the security hole.</li>
100     <li>print the GLSA so the user can get more information if desired.</li>
101     </ul>
102     <p>Once this tool is implemented and well tested it can be integrated into portage.
103     A prototype <a class="reference" href="#implementation">implementation</a> for this tool exists.</p>
104     </div>
105 g2boojum 1.5 <div class="section">
106     <h2><a class="toc-backref" href="#id7" id="glsa-format" name="glsa-format">GLSA format</a></h2>
107 g2boojum 1.1 <p>The GLSA format needs to be specified, I suggest using XML for that to simplify
108     parsing and later extensions. See <a class="reference" href="#implementation">implementation</a> for a sample DTD. The format
109     has to be compatible with the update tool of course. If necessary a converter
110 g2boojum 1.3 tool or an editor could be written for people not comfortable with XML (update:
111 g2boojum 1.5 a QT based editor for the GLSA format written by plasmaroo exists in the
112     gentoo-projects repository). Every GLSA has to be GPG signed by the responsible
113 g2boojum 1.3 developer, who has to be a member of the security herd.</p>
114 g2boojum 1.1 </div>
115 g2boojum 1.5 <div class="section">
116     <h2><a class="toc-backref" href="#id8" id="glsa-release-process" name="glsa-release-process">GLSA release process</a></h2>
117 g2boojum 1.1 <p>Additional to sending the GLSA to the gentoo-announce mailing list it has to be
118 g2boojum 1.5 stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should
119 g2boojum 1.1 be used to release a GLSA that will:</p>
120     <ul class="simple">
121     <li>check the GLSA for correctness</li>
122 g2boojum 1.2 <li>sign the GLSA with the developers GPG key</li>
123 g2boojum 1.1 <li>send a mail to gentoo-announce with the XML GLSA and a plaintext version attached</li>
124 g2boojum 1.3 <li>upload it to www.gentoo.org/security/en/glsa (via cvs commit)</li>
125     <li>put it on the rsync server (via cvs commit)</li>
126 g2boojum 1.1 <li>notify the moderators on the forums to make an announcement</li>
127     </ul>
128     </div>
129 g2boojum 1.5 <div class="section">
130     <h2><a class="toc-backref" href="#id9" id="portage-changes" name="portage-changes">Portage changes</a></h2>
131 g2boojum 1.1 <p>Until the <a class="reference" href="#update-tool">update tool</a> is integrated into portage there will be no code changes
132     to portage. The update tool might require a few new configuration options, these
133     could be placed in make.conf or another config file in /etc/portage.</p>
134     </div>
135     </div>
136 g2boojum 1.5 <div class="section">
137     <h1><a class="toc-backref" href="#id10" id="rationale" name="rationale">Rationale</a></h1>
138 g2boojum 1.1 <p>The lack of automated security updates for Gentoo is one of the most often requested
139     features for portage as it is one of the standard features of other distributions.
140     As Gentoo already provides GLSAs for important security bugs it is only natural
141     to use these to implement this feature.</p>
142     <p>To parse a GLSA in a program the format needs to be specified and a parser has
143     to be written. I suggest the use of XML for future GLSAs for the following reasons:</p>
144     <ul class="simple">
145     <li>can be parsed and validated with existing libraries</li>
146     <li>easy to extend while maintaining backwards compatibility</li>
147     <li>tools can convert XML GLSAs in other formats, the other direction would be harder</li>
148     <li>websites can use XSLT to markup GLSAs</li>
149     </ul>
150     <p>Putting the GLSAs in the portage tree allows all users to check their systems
151     for security updates without taking more actions and simplifies later integration
152 g2boojum 1.5 of the update tool into portage. For security minded persons the GLSAs are
153 g2boojum 1.1 available on a HTTP server to ease the load of the rsync servers.</p>
154 g2boojum 1.2 <p>To verify the signatures of the GLSAs the public keys of the developers should be
155     available in the portage tree and on the HTTP server. The verification is necessary
156     to prevent exploits by fake GLSAs.</p>
157 g2boojum 1.1 </div>
158 g2boojum 1.5 <div class="section">
159     <h1><a class="toc-backref" href="#id11" id="implementation" name="implementation">Implementation</a></h1>
160 g2boojum 1.1 <p>A prototype implementation (including the update tool, a DTD and a sample
161 g2boojum 1.5 XMLified GLSA) exists at <a class="reference" href="http://gentoo.devel-net.org/glsa/">http://gentoo.devel-net.org/glsa/</a> and in the
162     gentoo-projects/gentoo-security/GLSA repository. This GLEP is based
163 g2boojum 1.3 on that implementation, though it can be changed or rewritten if necessary.</p>
164 g2boojum 1.1 </div>
165 g2boojum 1.5 <div class="section">
166     <h1><a class="toc-backref" href="#id12" id="backwards-compatibility" name="backwards-compatibility">Backwards compatibility</a></h1>
167     <p>The current <a class="reference" href="#glsa-release-process">GLSA release process</a> needs to be replaced with this proposal. It
168 g2boojum 1.1 would be nice if old GLSAs would be transformed into XML as well, but that is
169     not a requirement for this GLEP.</p>
170     </div>
171 g2boojum 1.5 <div class="section">
172     <h1><a class="toc-backref" href="#id13" id="copyright" name="copyright">Copyright</a></h1>
173 g2boojum 1.1 <p>This document has been placed in the public domain.</p>
174     </div>
175 g2boojum 1.5
176 g2boojum 1.1 </div>
177 g2boojum 1.5 <div class="footer">
178 g2boojum 1.4 <hr class="footer" />
179 g2boojum 1.1 <a class="reference" href="glep-0014.txt">View document source</a>.
180 antarus 1.8 Generated on: 2007-10-13 13:39 UTC.
181 g2boojum 1.1 Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
182 g2boojum 1.5
183 g2boojum 1.1 </div>
184     </body>
185     </html>

  ViewVC Help
Powered by ViewVC 1.1.20