projects / ostree.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9fc9008) | patch
upgrade: Refuse chronologically older commits unless --allow-downgrade
authorColin Walters <walters@verbum.org>
Thu, 20 Feb 2014 23:25:56 +0000 (18:25 -0500)
committerColin Walters <walters@verbum.org>
Thu, 20 Feb 2014 23:25:56 +0000 (18:25 -0500)
commitf2e0162846cbb84abf6fd9a38fabdfd588f4eb2f
tree8d9ca05c4cc01f535e8441fc48c452bc6045a602tree | snapshot
parent9fc9008af8374e7c983a26c18f200e6c7bbf8cbbcommit | diff
upgrade: Refuse chronologically older commits unless --allow-downgrade

We don't want to allow MITM attackers to intercept upgrade requests
and provide clients with older OS versions vulnerable to security
flaws.

Only "ostree admin upgrade" gets this behavior for now - whether we
want to do it for "ostree admin switch" is another question.
Makefile-tests.am diff | blob | history
src/libostree/ostree-core.c diff | blob | history
src/libostree/ostree-core.h diff | blob | history
src/ostree/ot-admin-builtin-upgrade.c diff | blob | history
tests/libtest.sh diff | blob | history
tests/test-admin-upgrade-not-backwards.sh [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.