Risk of using rpm parser?
msuchy at redhat.com
Mon Mar 3 09:43:32 UTC 2014
I'm the developer of the Copr build system. As you may know, I inherited the original code from Seth.
He set the design and processes so that all rpm handling is done only on builders, which are VMs that are terminated after
Seth was very afraid to parse rpm files directly on the server, as he said there is a potential security risk. He never
specified which risk. Or how theoretical this was.
And of course I can no longer ask him.
Now I'm getting some feature requests which would imply parsing rpm files. So, dear lazy list, I have a question for you:
Imagine you are an attacker. You can submit to the target server (Copr) whatever src.rpm you want. That srpm will be built in
a VM, which will then be terminated. But you know that the server will use queries using python-rpm on the final binary rpm files.
How confident are you that an attacker can (not) exploit rpm, python-rpm to do something evil? Even theoretically.
And with or without SELinux.
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys