[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature lengths assumed constant (again) (PR #1900)
Demi Marie Obenour
notifications at github.com
Mon Feb 7 00:36:33 UTC 2022
> This smells like a missing sanity check (or a bunch) somewhere _much_ earlier. One known (to me) flaw is that both IMA and fs-verity signature tags miss pretty much _all_ sanity checks because they're not listed in rpmvs structures.
Not to mention that I am not sure how duplicate entries in the signature are handled. OK to just reject them?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1900#issuecomment-1030957001
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/1900/c1030957001 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220206/1552c792/attachment.html>
More information about the Rpm-maint
mailing list