On Tuesday, February 9, 2021 8:58 PM, John R. Dennison jrd@gerdesas.com wrote:
> On Wed, Feb 10, 2021 at 02:42:35AM +0000, redbaronbrowser via CentOS-devel wrote:
>> As long as we are being pedantic about repository security, my personal observation is that the best point of attack is the repo XML files. These are not signed. If a rogue mirror or a man-in-the-middle attack did take place, this seems like the best target. From what I can tell, DNF (and libxml2) typically are parsing these files while running as root. A zero-day against libxml2 would be gold.
> Repo metadata is signed.
From what I can tell, the repo metadata is hashed with sha256, but that is not the same as being cryptographically signed.
What are you finding that performs verification of repomd.xml against the CentOS public key before parsing it with libxml2?
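The distinction drawn above, as an added example that is not part of the thread and not code from the CentOS, DNF or createrepo_c projects: the sha256 checksums inside repomd.xml only chain the other metadata files to repomd.xml, so anyone who can replace the files (a rogue mirror or a man in the middle) can also regenerate a self-consistent repomd.xml, and the hash check passes. Only a signature over repomd.xml itself (repomd.xml.asc, checked by DNF when the repository sets repo_gpgcheck=1) roots that chain in a key. The repomd.xml layout and namespace follow the real createrepo_c format; the metadata file contents, the hypothetical keyring path and the payload are constructed for the example, and the signature step assumes the gpg command-line tool is installed.

```python
from __future__ import annotations

import hashlib
import shutil
import subprocess
import xml.etree.ElementTree as ET
from pathlib import Path

# Real namespace used by createrepo_c for repomd.xml.
REPO_NS = "http://linux.duke.edu/metadata/repo"
ET.register_namespace("", REPO_NS)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_repomd(files: dict[str, bytes]) -> bytes:
    """Write a minimal repomd.xml listing each metadata file with its sha256.

    This is what createrepo_c does; note that it needs no secret, so any party
    holding the files (including a rogue mirror) can produce a valid one.
    """
    root = ET.Element(f"{{{REPO_NS}}}repomd")
    for href, blob in sorted(files.items()):
        data = ET.SubElement(root, f"{{{REPO_NS}}}data", type=href.split(".")[0])
        ET.SubElement(data, f"{{{REPO_NS}}}checksum", type="sha256").text = sha256_hex(blob)
        ET.SubElement(data, f"{{{REPO_NS}}}location", href=f"repodata/{href}")
        ET.SubElement(data, f"{{{REPO_NS}}}size").text = str(len(blob))
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def checksums_match(repomd_xml: bytes, files: dict[str, bytes]) -> bool:
    """The hash-chain check: every file referenced by repomd.xml must hash to
    the sha256 recorded for it. False on any mismatch or missing file."""
    root = ET.fromstring(repomd_xml)
    for data in root.findall(f"{{{REPO_NS}}}data"):
        href = data.find(f"{{{REPO_NS}}}location").get("href").split("/")[-1]
        want = data.find(f"{{{REPO_NS}}}checksum").text
        blob = files.get(href)
        if blob is None or sha256_hex(blob) != want:
            return False
    return True


def mirror_substitutes(files: dict[str, bytes], href: str, payload: bytes) -> tuple[bytes, dict[str, bytes]]:
    """Rogue mirror / MITM: swap one metadata file and regenerate repomd.xml.

    Because repomd.xml carries hashes rather than a signature, the regenerated
    tree is internally consistent and checksums_match() accepts it.
    """
    evil = dict(files)
    evil[href] = payload
    return build_repomd(evil), evil


def repomd_signature_ok(repomd: Path, keyring: Path) -> bool:
    """What repo_gpgcheck=1 adds: verify repomd.xml.asc over repomd.xml with
    the repository's public key. Uses the gpg CLI (assumed installed); DNF's
    own implementation of this step lives in librepo."""
    gpg = shutil.which("gpg")
    if gpg is None:
        raise RuntimeError("gpg not installed; cannot verify repomd.xml.asc")
    sig = repomd.with_suffix(repomd.suffix + ".asc")
    proc = subprocess.run(
        [gpg, "--batch", "--no-default-keyring", "--keyring", str(keyring),
         "--status-fd", "1", "--verify", str(sig), str(repomd)],
        capture_output=True, text=True, check=False,
    )
    # gpg exits 0 and emits VALIDSIG on the status fd for a good signature.
    return proc.returncode == 0 and "[GNUPG:] VALIDSIG" in proc.stdout


def load_repomd_trusted(repomd: Path, keyring: Path) -> ET.Element:
    """Parse repomd.xml only after its detached signature verified, so an
    unsigned or tampered file never reaches the XML parser (which in DNF
    runs as root)."""
    if not repomd_signature_ok(repomd, keyring):
        raise ValueError(f"{repomd}: bad or missing signature, refusing to parse")
    return ET.fromstring(repomd.read_bytes())


if __name__ == "__main__":
    # Constructed metadata; real files would be gzip-compressed XML.
    files = {"primary.xml.gz": b"primary-v1", "filelists.xml.gz": b"filelists-v1"}
    repomd = build_repomd(files)
    print("honest repo, hashes match:", checksums_match(repomd, files))

    # Swapping a file without touching repomd.xml is caught by the hash chain.
    print("swapped file, old repomd:", checksums_match(repomd, {**files, "primary.xml.gz": b"primary-evil"}))

    # Swapping the file AND regenerating repomd.xml is not caught: no key involved.
    evil_repomd, evil_files = mirror_substitutes(files, "primary.xml.gz", b"primary-evil")
    print("swapped file, regenerated repomd:", checksums_match(evil_repomd, evil_files))

    # The signature step (hypothetical paths; requires gpg and a keyring):
    # load_repomd_trusted(Path("/var/cache/dnf/baseos/repodata/repomd.xml"), Path("/tmp/centos-keyring.gpg"))
```

The third print is the point of the thread: the hash chain is only as trustworthy as the repomd.xml it starts from. DNF performs the signature step only when the repository stanza sets repo_gpgcheck=1; with the default repo_gpgcheck=0, the hash chain is all that is checked, and package-level gpgcheck=1 still protects the RPMs but not the metadata DNF parses to decide which RPMs to fetch.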