Re: Risk of using rpm parser?



On 03/03/2014 01:11 PM, Florian Weimer wrote:

Parsing the src.rpm is unsafe (or more precisely, the spec file in it).  This is by design, no exploit is needed.

I meant parsing final RPMs. I should rather say querying.

Parsing the final RPMs can be made safe in theory

And in practice? :)
What would be of interest to me is Requires, Provides, Description... and probably the list of files (but not their content).

Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
Rpm-list mailing list
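
An added example, not part of the original message and not rpm's own code: one way to read only the string tags asked about above (Name, Description, Provides, Requires, Basenames) out of an RPM header structure, checking every length and offset before use. The size caps, the function names and the sample bytes are assumptions constructed for illustration; in a real .rpm file a lead and a signature header come before this structure.

```python
import struct

HEADER_MAGIC = b"\x8e\xad\xe8\x01"
STRING, STRING_ARRAY, I18NSTRING = 6, 8, 9        # RPM data types handled here
TAGS = {1000: "Name", 1005: "Description", 1047: "Provides",
        1049: "Requires", 1117: "Basenames"}
MAX_ENTRIES, MAX_STORE = 4096, 16 * 1024 * 1024    # assumed caps, not rpm's limits

def parse_header(buf, off=0):
    """Read one header structure from untrusted bytes; ValueError on anything odd."""
    if len(buf) - off < 16 or buf[off:off + 4] != HEADER_MAGIC:
        raise ValueError("bad header magic or truncated intro")
    nindex, hsize = struct.unpack_from(">II", buf, off + 8)
    if nindex > MAX_ENTRIES or hsize > MAX_STORE:
        raise ValueError("header exceeds size caps")
    store_off = off + 16 + 16 * nindex
    if store_off + hsize > len(buf):
        raise ValueError("index or store runs past end of input")
    store = buf[store_off:store_off + hsize]
    out = {}
    for i in range(nindex):
        tag, typ, pos, count = struct.unpack_from(">IIII", buf, off + 16 + 16 * i)
        if tag not in TAGS or typ not in (STRING, STRING_ARRAY, I18NSTRING):
            continue                               # ignore tags that were not asked for
        if pos >= hsize or count == 0 or count > hsize:
            raise ValueError(f"tag {tag}: offset/count outside store")
        values = []
        for _ in range(count):
            end = store.find(b"\0", pos)           # strings must end inside the store
            if end < 0:
                raise ValueError(f"tag {tag}: unterminated string")
            values.append(store[pos:end].decode("utf-8", "replace"))
            pos = end + 1
        out[TAGS[tag]] = values
    return out

def build_header(entries):
    """Pack {tag: (type, [strings])} into header bytes (helper for the sample only)."""
    index, store = b"", b""
    for tag, (typ, strings) in entries.items():
        index += struct.pack(">IIII", tag, typ, len(store), len(strings))
        store += b"".join(s.encode() + b"\0" for s in strings)
    return HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(store)) + index + store

# Constructed sample input, not taken from a real package.
SAMPLE = build_header({1000: (STRING, ["demo"]),
                       1049: (STRING_ARRAY, ["libc.so.6", "/bin/sh"]),
                       1117: (STRING_ARRAY, ["demo.conf"])})
```

The parser only copies strings out of the data store; nothing in the package is executed or unpacked.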
