Risk of using rpm parser?


 



On Mon, 3 Mar 2014, Miroslav Suchý wrote:

> Imagine you are an attacker. You can submit to the target server (Copr) whatever
> src.rpm you want. That srpm will be built in a VM, which will then be
> terminated. But you know that the server will use queries using python-rpm on
> the final binary rpm files.

The srpm contains a .spec file.  Spec files have full access 
to whatever they wish to specify to pull in via BuildRequires.  
As such, they have access to a Turing-complete environment.

If there is an exploit to escape from a VM into the parent 
hosting environment (there were previously disclosed known 
ones, and one has to assume more lurking), one can 'leave 
behind' whatever hostile payload one wishes.

-- Russ herrold
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list




