On Mon, Jul 29, 2024 at 03:33:21PM GMT, Gordon Messmer wrote: > tl;dr: Quick update, and one question: Are there other packages that should > be monitored? > > > > On 2024-06-24 9:03 PM, Gordon Messmer wrote: > > (As a topic for later: the tirpc library exports functions with the same > > name as functions that appear in libc, so the behavior of erroring on > > duplicate symbols needs to be rationalized. Maybe an exemption for > > libtirpc.so? Are there other libraries that do this?) > > > For now, I've added a list of symbols have have been found in multiple > libraries in services that I've checked. There are some symbols defined in > libc and libm, and in libc and libtirpc, and in libsasl2 and some of its > related libraries. There's probably a better implementation than this... > > > > I have a proof-of-concept test implemented for the openssh package, in > > this pull request: > > https://src.fedoraproject.org/rpms/openssh/pull-request/73 > > > Over the weekend, I opened a series of PRs for other services that are > probably frequently exposed to the public: sendmail, exim, postfix, > cyrus-imapd, haproxy, nginx, and httpd. These are lower-value targets than > sshd, since they don't run as root and may be run in a restricted SELinux > domain, but I tend to think that anything that provides an authentication > backend or listens for public connections should be checked. I'll work on > 389-ds and the krb5 packages later... Any other packages that might be > worth monitoring? Some possible ones I'll toss out there: avahi-daemon cups rsyslog dovecot cockpit Thanks again for doing this. kevin
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
