[Rpm-maint] [PATCH 1/2] Extending rpm plugin interface, part 1

Reshetova, Elena elena.reshetova at intel.com
Thu Nov 8 11:01:07 UTC 2012


> Okay then, done and pushed. Now that I looked closer, I spotted (and
> fixed) a couple of more "issues": a tiny memleak from early
> rpmtsSetupTransactionPlugins() return and some further cosmetics (two
soft-tabs instead of one hard-tab, trailing whitespace etc), but nothing
dramatic.

Thank you!  I will seriously try to improve my style. I am not using vim for
code edits, but I think I should probably reconsider it or get some kind of
editor that shows all symbols explicitly. Pain to read but I get it right at
the end :)

>Oh and one other thing I noticed just now that'll need further thought: 
>currently the script setup hook only runs for external scripts, but not the
embedded Lua-scripts. Which are getting more and more common... 
>They'll obviously need to be handled quite differently as they run within
the rpm process itself, ie fork() + exec() does not occur.

Yes, I don't currently have a very good idea how this case should be
handled. The idea of script hook is that it sets the needed security
context, but we obviously can't do this for lua case unless we want to drop
the whole rpm security context. 
As a temporal and draconic measure we can compile rpm without lua support to
close this hole, but it is no-go in the future since it is getting more and
more usage. I guess this is one of the things that I need to think more
about.

> Cool. And thanks for all the work so far :)

I hope this is only the beginning, I am really interested in security part
of rpm!

Best Regards,
Elena.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7220 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20121108/5adbfd71/attachment-0001.p7s>


More information about the Rpm-maint mailing list