
Feature changed by: Ihno Krumreich (ihno)
Feature #307745, revision 7
Title: Let the admin ("root") download and install untrusted third-party RPMs from known URLs guided via YaST

openSUSE-11.3: New
  Priority Requester: Neutral

openSUSE Distribution: Unconfirmed
  Priority Requester: Neutral

Requested by: Johannes Meixner (jsmeix)
Partner organization: openSUSE.org

Description:
- I would like to have it evaluated whether or not it is allowed - to implement a dialog in YaST which lets the system admin - (i.e. "root") download and install untrusted third-party RPMs - from known URLs. - In any case "root" can download and install any software manually. - This request is about to provide a guided and restricted way - for some particular cases. - My current use-case are the printer driver packages - which are available via OpenPrinting at the Linux Foundation: - http://www.openprinting.org/driver_list.cgi - where LSB compliant driver RPM packages are available. - From my point of view those packages are on the one hand - untrusted third-party RPMs but on the other hand - their download location is "well known" which makes - those packages "well known third-party packages". - I assume that from a strict security point of view - any kind of third party software is "strictly forbidden" - but I like to propose a more useful way here: - The system admin (i.e. "root") can in any case - download and install whatever software he likes. - This may invalidate e.g. whatever support contract - but it is up to the admin to know what he does. - Currently we have no idea at all which third-party printer - drivers an admin may download and install on his own. - When he has a printer for which there is no driver - provided by us, the admin may download whatever - driver software from any totally unknown location - and install it with any unknown consequences. - (E.g. 
some time ago there was a printer driver from - a printer manufacturer where its installation script - set setuid root bits on various user application + I would like to have it evaluated whether or not it is allowed to + implement a dialog in YaST which lets the system admin (i.e. "root") + download and install untrusted third-party RPMs from known URLs. + In any case "root" can download and install any software manually. This + request is about to provide a guided and restricted way for some + particular cases. + My current use-case are the printer driver packages which are available + via OpenPrinting at the Linux Foundation: + http://www.openprinting.org/driver_list.cgi where LSB compliant driver + RPM packages are available. + From my point of view those packages are on the one hand untrusted + third-party RPMs but on the other hand their download location is "well + known" which makes those packages "well known third-party packages". + I assume that from a strict security point of view any kind of third + party software is "strictly forbidden" but I like to propose a more + useful way here: + The system admin (i.e. "root") can in any case download and install + whatever software he likes. This may invalidate e.g. whatever support + contract but it is up to the admin to know what he does. + Currently we have no idea at all which third-party printer drivers an + admin may download and install on his own. + When he has a printer for which there is no driver provided by us, the + admin may download whatever driver software from any totally unknown + location and install it with any unknown consequences. (E.g. some time + ago there was a printer driver from a printer manufacturer where its + installation script set setuid root bits on various user application programs to mak it "just work".) - Currently we even do not tell the admin about the - well known printer driver locations at OpenPrinting. 
- From my point of view it would be a big improvement - when I could implement a dialog in the YaST printer module - which shows a very explicite text that this is about - untrusted unsupported third-party software. - This text would require explicite confirmation by the admin. - Then it downloads RPMs only from hardcoded URLs - from OpenPrinting and inspects the downloaded RPM - whether it overwrites already installed files on the system - and if not, it installs it without running any RPM scripts - because normal printer drivers do not need to run - RPM scripts during installation. - If the above conditions are not fulfilled it shows a very - explicite warning text and does not install anything. - In contrast to now where we leave the admin totally - on its own how to get a driver for a printer for which - we do not provide a driver, the above described - guided and restricted way to download and install - drivers via YaST would help both the admin and us - because in many cases we could make sure this way - that we know at least which third-party driver - the admin has installed. - Please do not confuse this request - with the different request how a third-party - (e.g. OpenPrinting or a printer manufacturer) - could provide software packages in a way - which is in full compliance to our package - installation and management tools (i.e. via a - repository which provides also updates and so on). - This request is meant for third-party RPMs "as is" - where the vendor/provider simply does not want - (because of whatever reason which is beyond our control) - to provide his RPMs in compliance to our package + Currently we even do not tell the admin about the well known printer + driver locations at OpenPrinting. + From my point of view it would be a big improvement when I could + implement a dialog in the YaST printer module which shows a very + explicite text that this is about untrusted unsupported third-party + software. 
This text would require explicite confirmation by the admin. + Then it downloads RPMs only from hardcoded URLs from OpenPrinting and + inspects the downloaded RPM whether it overwrites already installed + files on the system and if not, it installs it without running any RPM + scripts because normal printer drivers do not need to run RPM scripts + during installation. If the above conditions are not fulfilled it shows + a very explicite warning text and does not install anything. + In contrast to now where we leave the admin totally on its own how to + get a driver for a printer for which we do not provide a driver, the + above described guided and restricted way to download and install + drivers via YaST would help both the admin and us because in many cases + we could make sure this way that we know at least which third-party + driver the admin has installed. + Please do not confuse this request with the different request how a + third-party (e.g. OpenPrinting or a printer manufacturer) could provide + software packages in a way which is in full compliance to our package + installation and management tools (i.e. via a repository which provides + also updates and so on). + This request is meant for third-party RPMs "as is" where the + vendor/provider simply does not want (because of whatever reason which + is beyond our control) to provide his RPMs in compliance to our package installation and management tools. -- openSUSE Feature: https://features.opensuse.org/307745
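Review bot: the added paragraph beginning "Then it downloads RPMs only from hardcoded URLs from OpenPrinting" names two conditions for installing (the RPM overwrites no installed files, and no RPM scripts are run) but does not say how the downloaded RPM's integrity or origin is checked, and the only location given in the description is a plain http:// URL. Suggest stating whether a signature or digest check belongs to the conditions that must be fulfilled before anything is installed, and what the dialog does when that check fails. Since this revision only rewraps the text, it would also be a good moment to fix the typos carried over unchanged from the removed lines: "mak" in "to mak it "just work"" and "explicite" (three occurrences).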