Features of RPMShield

Policy-based control of package installation actions

While existing package managers such as RPM allow a system administrator
to examine package contents and installation scripts in detail, this is a
cumbersome process and hence seldom undertaken. In contrast, our
approach presents a convenient interface through which a system
administrator can exert control over installation actions that impact
system security or the operation of existing applications.

Notification of security relevant behavior of packages

Our tool conveniently notifies the user of any actions of the package manager
that may affect system security and operability.

Operability with changes made outside of package managers


Our approach provides a convenient mechanism to control updates to
manually edited files, files shared among multiple packages, or
more generally, files installed outside the scope of the package manager.

Normal-user installation of packages

Individual users often want to install packages that are of interest only to
themselves. Since all RPM installation actions require super-user privilege,
normal users are unable to install such packages for themselves. Our approach
can support this capability through the use of security policies that limit
installation actions so that the changes are restricted to a specific user
directory. (This capability is still under testing and is not shipped with the
current release, 1.0.)
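The policy-based control, security notification and user-directory features above can be illustrated with a small checker. The following is an added example, not RPMShield's own code: it assumes the package's file list and scriptlets were captured beforehand with the standard `rpm -qpl pkg.rpm` and `rpm -qp --scripts pkg.rpm` queries, and the package contents, policies and regexes below are constructed samples. It flags files written outside the policy's allowed prefixes, files that would overwrite paths the administrator marked as protected, and scriptlet lines matching security-relevant patterns (setuid bits, service enablement, account creation); a second policy restricts a normal user's installation to a directory under their home.

```python
"""Policy check over an RPM package's file list and install scriptlets.

Added example, not RPMShield's own code. Inputs are assumed to come from
`rpm -qpl` (file list) and `rpm -qp --scripts` (scriptlets); the samples
below are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    allowed_prefixes: tuple   # paths the package may create or replace
    protected_paths: tuple    # hand-edited files that must not be overwritten
    scriptlet_patterns: tuple # regexes marking security-relevant scriptlet lines


# Administrator policy (constructed): system packages may touch /usr and their
# own state directory; sshd_config was edited by hand and must be preserved.
ADMIN_POLICY = Policy(
    allowed_prefixes=("/usr/", "/var/lib/foo/"),
    protected_paths=("/etc/ssh/sshd_config",),
    scriptlet_patterns=(
        r"\bchmod\s+[ugoa]*\+s",   # setuid/setgid bit being set
        r"\bsystemctl\s+enable",    # service enabled at boot
        r"\b(useradd|groupadd)\b",  # account or group creation
    ),
)


def user_policy(home):
    """Policy for a normal user: only that user's ~/.local tree may change."""
    return Policy(
        allowed_prefixes=(home.rstrip("/") + "/.local/",),
        protected_paths=(),
        scriptlet_patterns=ADMIN_POLICY.scriptlet_patterns,
    )


def parse_scriptlets(text):
    """Split `rpm -qp --scripts` output into {scriptlet name: body}.

    rpm prints headers such as 'postinstall scriptlet (using /bin/sh):'
    followed by the script body until the next header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+) scriptlet \(using (\S+)\):$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return {name: "\n".join(body).strip() for name, body in sections.items()}


def check_package(files, scriptlets_text, policy):
    """Return a list of (finding kind, detail) tuples for the package."""
    findings = []
    for path in files:
        if not path.startswith(policy.allowed_prefixes):
            findings.append(("outside-policy", path))
        if path in policy.protected_paths:
            findings.append(("overwrites-protected", path))
    for name, body in parse_scriptlets(scriptlets_text).items():
        for pattern in policy.scriptlet_patterns:
            for line in body.splitlines():
                if re.search(pattern, line):
                    findings.append((f"scriptlet:{name}", line.strip()))
    return findings


# Constructed sample: what `rpm -qpl foo.rpm` and `rpm -qp --scripts foo.rpm`
# might print for a hypothetical package "foo".
SAMPLE_FILES = [
    "/usr/bin/foo",
    "/usr/share/doc/foo/README",
    "/etc/ssh/sshd_config",
    "/etc/cron.d/foo",
]
SAMPLE_SCRIPTS = """preinstall scriptlet (using /bin/sh):
getent group foo >/dev/null || groupadd -r foo
postinstall scriptlet (using /bin/sh):
chmod u+s /usr/bin/foo
systemctl enable foo.service >/dev/null 2>&1 || :
"""

if __name__ == "__main__":
    for kind, detail in check_package(SAMPLE_FILES, SAMPLE_SCRIPTS, ADMIN_POLICY):
        print(f"{kind:22} {detail}")
    print("--- as normal user alice ---")
    for kind, detail in check_package(SAMPLE_FILES, "", user_policy("/home/alice")):
        print(f"{kind:22} {detail}")
```

Run against the sample, the administrator policy reports the two files under `/etc` as outside policy, `sshd_config` as a protected file that would be overwritten, and three scriptlet lines; the user policy reports all four files as outside the user's `~/.local` tree, which is the condition under which a restricted installation would be refused.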

Tolerance to failures

Existing package managers offer poor support for reverting to the original
system configuration when an installation or upgrade process fails. Our
automatic recovery mechanism reverts the system to its original (consistent)
state.
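To show what "reverting to a consistent state" involves, here is an added example of a journaled install with rollback. It is not RPMShield's recovery mechanism: it assumes a package is just a mapping of relative paths to file contents, backs up every file before replacing it, and on any failure replays the journal in reverse. The `fail_on` parameter and the demo file tree are assumptions used only to simulate a failed step.

```python
"""Journaled installation with automatic rollback.

Added example, not RPMShield's own code. Each file is backed up (or noted as
new) before it is written; if any step raises, the journal is undone so the
tree returns to its pre-install state.
"""
import os
import shutil
import tempfile


class InstallFailed(Exception):
    """Raised by the demo to simulate a failure mid-installation."""


def install_with_rollback(root, new_files, fail_on=None):
    """Install new_files ({relative path: bytes}) under root as one transaction.

    Returns True when every file was written, False when a failure occurred
    and the tree was rolled back."""
    journal = []  # (destination path, backup copy or None if the file was new)
    backup_dir = tempfile.mkdtemp(prefix="rollback-")
    try:
        for rel, data in new_files.items():
            if rel == fail_on:  # assumed hook for the demo only
                raise InstallFailed(f"simulated failure while installing {rel}")
            dst = os.path.join(root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            backup = None
            if os.path.exists(dst):
                backup = os.path.join(backup_dir, str(len(journal)))
                shutil.copy2(dst, backup)
            journal.append((dst, backup))  # record before touching the file
            with open(dst, "wb") as fh:
                fh.write(data)
        return True
    except Exception:
        # Undo in reverse order: restore backed-up files, delete new ones.
        for dst, backup in reversed(journal):
            if backup is None:
                if os.path.exists(dst):
                    os.remove(dst)
            else:
                shutil.copy2(backup, dst)
        return False
    finally:
        shutil.rmtree(backup_dir, ignore_errors=True)


def demo():
    """Run a failing and then a successful transaction in a temporary tree."""
    root = tempfile.mkdtemp(prefix="install-demo-")
    cfg = os.path.join(root, "etc/app.conf")
    os.makedirs(os.path.dirname(cfg))
    with open(cfg, "wb") as fh:
        fh.write(b"original\n")  # pre-existing, administrator-edited file
    payload = {  # constructed package contents
        "etc/app.conf": b"new\n",
        "usr/bin/app": b"binary",
        "usr/lib/libapp.so": b"library",
    }
    failed = install_with_rollback(root, payload, fail_on="usr/lib/libapp.so")
    with open(cfg, "rb") as fh:
        after_failure = fh.read()
    leftover = os.path.exists(os.path.join(root, "usr/bin/app"))
    succeeded = install_with_rollback(root, payload)
    with open(cfg, "rb") as fh:
        after_success = fh.read()
    shutil.rmtree(root, ignore_errors=True)
    return {
        "failed_install_returned": failed,
        "config_after_failure": after_failure,
        "new_file_left_behind": leftover,
        "second_install_returned": succeeded,
        "config_after_success": after_success,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The journal entry is written before the file is modified, so a crash between the backup and the write still leaves enough information to restore the file; a production mechanism would also need to persist the journal to disk and handle ownership, permissions and scriptlet side effects, which this example does not cover.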