On Thu, 2004-08-26 at 09:44, Stephen Smalley wrote: > On Thu, 2004-08-26 at 05:37, Jeff Johnson wrote: > > Malicious code from untrusted package problem not going to be solved by > > rpm_script_t alone afaict either. > > Right. We still need a mechanism for distinguishing among packages and > running scriptlets in different domains based on either some property of > the package (the authority that signed it) or some knowledge of the > admin (i.e. he specifies the desired scriptlet domain for all packages > obtained from a given repository in his yum.conf or similar). Not to mention needing different domains for rpm itself in such scenarios... -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
