Bug 149340 - Network queries for rpm signatures are a privacy risk, and a performance problem
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jeff Johnson
QA Contact: Mike McLean
Keywords: Security
Reported: 2005-02-22 11:27 EST by John Ellson
Modified: 2007-11-30 17:11 EST (History)
Last Closed: 2005-02-22 15:48:58 EST
Description John Ellson 2005-02-22 11:27:04 EST
Description of problem:
Network queries for rpm signatures are a privacy risk since they can
inform an unknown third party of packages on your system.

Also, the performance of "rpm -qa" and "rpm -e" now truly sucks unless
"--nosignature" is added.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. rpm -qa
2. rpm -qa --nosignature
3.
  
Actual results:
ellson@ellson:~> time rpm -qa >/dev/null 
real    0m8.257s
user    0m3.148s
sys     0m0.834s
ellson@ellson:~> time rpm -qa --nosignature >/dev/null 
real    0m3.793s
user    0m3.001s
sys     0m0.707s


Expected results:
rpm needs explicit user permission before making any network access

Additional info:
Comment 1 Jeff Johnson 2005-02-22 15:48:58 EST
You have the following choices for the privacy issue,
change your configuration to satisfy your needs:

1) rpm --import all pubkeys used to sign packages.

2) disable the mechanism by adding to ~/.rpmmacros or /etc/rpm/macros
(create if not already there):
    %_hkp_keyserver %{nil}
Add a different, possibly local, hkp server there if you want.

Yes, a network timeout during rpm -qa is pathetically slow. You
have the following choice (in addition to the aforementioned)

3) Disable signature verification during queries by adding to
~/.rpmmacros or /etc/rpm/macros:
    %_vsflags_query        -1

In addition, since rpm needs to choose one default value
for distribution, feel free to bring me consensus on
what that default should be. What is in rpm-4.1.1-1
is what I believe is Right for the majority of FC4 users,
but I make no claim at prescience or Godliness, I'm perfectly
willing to change rpm configuration as needed.
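
Added example, not part of the original bug thread: a shell helper that lists which signing key IDs have no imported pubkey, which is the case options 1 and 2 in the comment above address. It assumes input in the format printed by `rpm -qa --qf '%{NAME} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n'` and `rpm -q gpg-pubkey`; the function name, key IDs and package names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find signing keys with no
# imported pubkey, i.e. the packages whose verification needs a key lookup.

# unimported_keys SIGS PUBKEYS
#   SIGS:    output of rpm -qa --qf '%{NAME} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n'
#   PUBKEYS: output of rpm -q gpg-pubkey (gpg-pubkey-<keyid8>-<created>)
# Prints "<keyid8> <package count>" for every key ID that is not imported.
unimported_keys() {
    awk '
        FILENAME == ARGV[1] {                # pass 1: imported pubkeys
            if (split($0, p, "-") >= 3 && p[1] == "gpg" && p[2] == "pubkey")
                have[tolower(p[3])] = 1
            next
        }
        match($0, /Key ID [0-9A-Fa-f]+/) {   # pass 2: package signatures
            id = tolower(substr($0, RSTART + 7, RLENGTH - 7))
            short = substr(id, length(id) - 7)   # pubkey packages use the last 8 hex digits
            if (!(short in have)) missing[short]++
        }
        END { for (k in missing) print k, missing[k] }
    ' "$2" "$1" | sort
}

# Constructed sample data (key IDs and package names are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sigs" <<'EOF'
bash DSA/SHA1, Tue 08 Feb 2005 10:00:00 AM EST, Key ID 1111222233334444 (none)
coreutils DSA/SHA1, Tue 08 Feb 2005 10:05:00 AM EST, Key ID 1111222233334444 (none)
thirdparty-tool (none) DSA/SHA1, Mon 10 Jan 2005 09:00:00 AM EST, Key ID aaaabbbbccccdddd
local-build (none) (none)
EOF
    printf 'gpg-pubkey-33334444-3f9d9d3b\n' > "$tmp/pubkeys"
    unimported_keys "$tmp/sigs" "$tmp/pubkeys"
    rm -rf "$tmp"
}

demo    # prints: ccccdddd 1
```

Unsigned packages (both signature fields `(none)`) are skipped, and an empty pubkey list reports every signing key as unimported.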
     
