Risk of using rpm parser?
Miroslav Suchý
msuchy at redhat.com
Wed Mar 5 12:31:11 UTC 2014
On 03/03/2014 01:11 PM, Florian Weimer wrote:
>
> Parsing the src.rpm is unsafe (or more precisely, the spec file in it). This is by design, no exploit is needed.
I meant parsing final RPMs. I should rather say querying.
> Parsing the final RPMs can be made safe in theory
And in practice? :)
What would be interrest for me is Requires, Provides, Description... and probably list of files (but not their content).
--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
More information about the Rpm-list
mailing list