Re: ABRT frustrating for users and developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/18/2010 01:28 PM, Thomas Moschny wrote:
2010/1/18 Jiri Moskovcak<jmoskovc@xxxxxxxxxx>:
Plus abrt should run `rpm -V' on any rpm involved in the transaction (=if
user
does not have replaced the binary by some non-rpm "make install").

ABRT used to do this (and still can, it's just disabled), but rpm -V uses
prelink to un-prelink the binaries to check the MD5 sum and security guys
don't like it.

Can you explain what's the security problem here?
The outcome would be a boolean and a reject to send the report (or at
least a big warning).

- Thomas

The problem is during the "un-prelink" part, please see this BZs: 546572, 546350, 546987, 546772

Jirka
begin:vcard
fn:Jiri Moskovcak
n:Moskovcak;Jiri
email;internet:jmoskovc@xxxxxxxxxx
x-mozilla-html:FALSE
version:2.1
end:vcard

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux