Risk of using rpm parser?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, 3 Mar 2014, Miroslav Suchý wrote:

> Imagine you are attacker. You can submit to target server (Copr) whatever
> src.rpm you want. That srpm will be build in VM, which will be then
> terminated. But you know that the server will use queries using python-rpm on
> final binary rpm files.

The srpm contains a .spec file.  Spec files have full access 
to whatever they wish to specify to pull in via BuildRequires.  
As such they have access to a Turing Complete environment

If there is an exploit to escape from a VM into the parent 
hosting environment (there were previously disclosed known 
ones, and one has to assume more lurking), one can 'leave 
behind' whatever hostile payload one wishes

-- Russ herrold
Rpm-list mailing list

[Index of Archives]     [RPM Ecosystem]     [Linux Kernel]     [Red Hat Install]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Red Hat]     [Gimp]     [Yosemite News]     [IETF Discussion]

  Powered by Linux