[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature lengths assumed constant (again) (PR #1900)
Demi Marie Obenour
notifications at github.com
Mon Feb 7 01:20:38 UTC 2022
> > This smells like a missing sanity check (or a bunch) somewhere _much_ earlier. One known (to me) flaw is that both IMA and fs-verity signature tags miss pretty much _all_ sanity checks because they're not listed in rpmvs structures.
>
> Not to mention that I am not sure how duplicate entries in the signature are handled. OK to just reject them?
To elaborate: I do not want a situation where one can use duplicate entries to bypass validation.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1900#issuecomment-1030978072
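
The policy asked about above (reject a signature header that carries the same tag twice), as an added example that is not part of the original message and not rpm's own code: it walks a raw header index of 16-byte big-endian entries and refuses it before any tag lookup happens. The helper name check_index, the status codes and the tag numbers 1000/1001 are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTRY_SIZE 16u  /* tag, type, offset, count: four big-endian 32-bit words */
enum idx_status { IDX_OK = 0, IDX_TRUNCATED = -1, IDX_BAD_OFFSET = -2, IDX_DUPLICATE = -3 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: validate a raw index before any tag is looked up.
 * idx/idx_len: index bytes; nindex: claimed entry count; dlen: data store size. */
static int check_index(const uint8_t *idx, size_t idx_len,
                       uint32_t nindex, uint32_t dlen)
{
    if (nindex > idx_len / ENTRY_SIZE)
        return IDX_TRUNCATED;          /* count claims more entries than are present */
    for (uint32_t i = 0; i < nindex; i++) {
        const uint8_t *e = idx + (size_t)i * ENTRY_SIZE;
        if (be32(e + 8) >= dlen)
            return IDX_BAD_OFFSET;     /* offset points outside the data store */
        /* O(n^2) scan keeps the example short; a sorted index needs one pass. */
        for (uint32_t j = 0; j < i; j++)
            if (be32(idx + (size_t)j * ENTRY_SIZE) == be32(e))
                return IDX_DUPLICATE;  /* same tag twice: reject, do not pick one */
    }
    return IDX_OK;
}

/* Constructed sample indexes: tag numbers are made up, type/count are arbitrary. */
#define ENT(tag, off) 0,0,(tag)>>8,(tag)&0xff, 0,0,0,7, 0,0,0,(off), 0,0,0,4
static const uint8_t sample_ok[]  = { ENT(1000, 0), ENT(1001, 4) };
static const uint8_t sample_dup[] = { ENT(1000, 0), ENT(1001, 4), ENT(1000, 8) };
static const uint8_t sample_oob[] = { ENT(1000, 0), ENT(1001, 64) };

int main(void)
{
    int ok  = check_index(sample_ok,  sizeof sample_ok,  2, 12);
    int dup = check_index(sample_dup, sizeof sample_dup, 3, 12);
    int oob = check_index(sample_oob, sizeof sample_oob, 2, 12);
    printf("ok=%d dup=%d oob=%d\n", ok, dup, oob);
    return !(ok == IDX_OK && dup == IDX_DUPLICATE && oob == IDX_BAD_OFFSET);
}
```

Rejecting the whole header on a duplicate means the code that verifies a tag and the code that later consumes it can never be looking at two different entries.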