[OmniOS-discuss] publisher signature-policy=require-signatures for new zones
Ben Summers
ben at fluffy.co.uk
Sat Feb 8 16:00:21 UTC 2014
Hello,
r151008 now includes signed packages, but the default signature-policy is verify, so it's still vulnerable to MITM if the attacker simply removes the signatures from the manifests.
I can run
pkg set-publisher --set-property signature-policy=require-signatures omnios
immediately after install from the ISO to make sure any updates in the global zone are properly checked.
However, when I install a zone, the zone's signature-policy is the default of verify. pkg downloads files from the IPS server, so anything in the zone's image is vulnerable.
Is it possible to specify signature-policy=require-signatures for new zones in the initial configuration?
Thanks,
Ben