Re: ABRT frustrating for users and developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2010/1/18 Jiri Moskovcak <jmoskovc@xxxxxxxxxx>:
> On 01/18/2010 01:28 PM, Thomas Moschny wrote:
>> 2010/1/18 Jiri Moskovcak<jmoskovc@xxxxxxxxxx>:
>>> ABRT used to do this (and still can, it's just disabled), but rpm -V uses
>>> prelink to un-prelink the binaries to check the MD5 sum and security guys
>>> don't like it.
>>
>> Can you explain what's the security problem here?
>> The outcome would be a boolean and a reject to send the report (or at
>> least a big warning).
>>
>> - Thomas
>
> The problem is during the "un-prelink" part, please see this BZs: 546572,
> 546350, 546987, 546772

Not sure I get it. Am I understanding it correctly that prelink -y
(which is called by rpm -V) writes the 'original', un-prelinked binary
somewhere (surely a temporary location) and this is considered
insecure?

But an ordinary user can call rpm -V any time.

- Thomas
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux