diff options
author | Jiri Moskovcak <jmoskovc@redhat.com> | 2010-01-28 14:40:24 +0100 |
---|---|---|
committer | Jiri Moskovcak <jmoskovc@redhat.com> | 2010-01-28 14:40:24 +0100 |
commit | c3bf1893e3ac66149e5c400dadae62478e57fb18 (patch) | |
tree | 539ef7e03f61e63ce68c5a190427e1ae15ddc5df | |
parent | e0b3196cfb2e02b34a7f73e5136366bcde06da99 (diff) | |
download | abrt-c3bf1893e3ac66149e5c400dadae62478e57fb18.tar.gz abrt-c3bf1893e3ac66149e5c400dadae62478e57fb18.tar.xz abrt-c3bf1893e3ac66149e5c400dadae62478e57fb18.zip |
reenabled gpg check
- we still just check only the signature of the package,
which doesn't tell us if the files on the disk weren't
changed, but will at least filter not official packages
-rw-r--r-- | src/Daemon/MiddleWare.cpp | 7 | ||||
-rw-r--r-- | src/Daemon/abrt.conf | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/src/Daemon/MiddleWare.cpp b/src/Daemon/MiddleWare.cpp index 01c3850b..ba7e0a05 100644 --- a/src/Daemon/MiddleWare.cpp +++ b/src/Daemon/MiddleWare.cpp @@ -655,6 +655,12 @@ static mw_result_t SavePackageDescriptionToDebugDump( log("Package '%s' isn't signed with proper key", packageName.c_str()); return MW_GPG_ERROR; } + /* + Checking the MD5 sum requires to run prelink to "un-prelink" the + binaries - this is considered potential security risk so we don't + use it, until we find some non-intrusive way + */ + /* if (!CheckHash(packageName.c_str(), pExecutable)) { error_msg("Executable '%s' seems to be modified, " @@ -662,6 +668,7 @@ static mw_result_t SavePackageDescriptionToDebugDump( pExecutable, packageName.c_str()); return MW_GPG_ERROR; } + */ } } diff --git a/src/Daemon/abrt.conf b/src/Daemon/abrt.conf index bffc48da..1dd994a8 100644 --- a/src/Daemon/abrt.conf +++ b/src/Daemon/abrt.conf @@ -4,7 +4,7 @@ # Checking signatures may require prelink to be run. # This has a remote possibility of breaking binaries and libraries, # and also SELinux gets unhappy about prelink trying to modify them. -OpenGPGCheck = no +OpenGPGCheck = yes # GPG keys OpenGPGPublicKeys = /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora # Blacklisted packages |