Risk of using rpm parser?



I'm the developer of the Copr build system. As you may know, I inherited the original code from Seth.
He set the design and processes so that all rpm handling is done only on builders, which are VMs that are terminated after each build. Seth was very afraid to parse rpm files directly on the server, as he said there is a potential security risk. He never specified which risk. Or how theoretical this was.
And of course I can no longer ask him.

Now I'm getting some feature requests which would imply parsing rpm files. So dear lazy list - I have a question for you:

Imagine you are an attacker. You can submit to the target server (Copr) whatever src.rpm you want. That srpm will be built in a VM, which will then be terminated. But you know that the server will run queries using python-rpm on the final binary rpm files.

How confident are you that an attacker can (not) exploit rpm or python-rpm to do something evil? Even theoretically.
And with or without SELinux.

Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
Rpm-list mailing list
