On 01/18/2010 01:28 PM, Thomas Moschny wrote:
2010/1/18 Jiri Moskovcak<jmoskovc@xxxxxxxxxx>:
Plus abrt should run `rpm -V' on any rpm involved in the transaction (=if
user
does not have replaced the binary by some non-rpm "make install").
ABRT used to do this (and still can, it's just disabled), but rpm -V uses
prelink to un-prelink the binaries to check the MD5 sum and security guys
don't like it.
Can you explain what's the security problem here?
The outcome would be a boolean and a reject to send the report (or at
least a big warning).
- Thomas
The problem is during the "un-prelink" part, please see this BZs:
546572, 546350, 546987, 546772
Jirka
begin:vcard
fn:Jiri Moskovcak
n:Moskovcak;Jiri
email;internet:jmoskovc@xxxxxxxxxx
x-mozilla-html:FALSE
version:2.1
end:vcard
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
