[Rpm-maint] [rpm-software-management/rpm] First steps towards fixing the symlink CVEs (PR #1919)
Panu Matilainen
notifications at github.com
Tue Feb 15 10:19:30 UTC 2022
This is now using fd or dirfd+basename for file ops within the fsm, as much as possible. Plugins pose special problems as external libraries generally don't support dirfd+basename style operation, but may still need to operate on symlinks so we're stuck with "insecure" absolute paths there, for now at least.
I'm seeing a couple of install glitches on fresh chroot install still, but it's getting close now.
Of course a change this big and drastic *will* have bugs in it initially, I have no illusions about that.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1919#issuecomment-1040096878
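
The dirfd+basename style of file operation mentioned in the message above, as an added example that is not part of the original message and is not rpm's code. `O_NOFOLLOW` only guards the final path component, so the sketch opens one directory per `openat()` call and then acts on the basename relative to that descriptor; `create_below`, `demo` and the temporary tree are hypothetical names and constructed input.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `relpath` below rootfd without handing the kernel a multi-component
 * path: one openat() per directory, symlinks refused, then dirfd+basename. */
static int create_below(int rootfd, const char *relpath)
{
    char buf[PATH_MAX], *save = NULL, *next, *comp;
    snprintf(buf, sizeof(buf), "%s", relpath);
    comp = strtok_r(buf, "/", &save);
    int fd, dirfd = comp ? dup(rootfd) : -1;
    while (dirfd >= 0 && (next = strtok_r(NULL, "/", &save))) {
        fd = openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(dirfd);
        dirfd = fd;
        comp = next;
    }
    if (dirfd < 0)
        return -1;                       /* missing, not a directory, or a symlink */
    fd = openat(dirfd, comp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    close(dirfd);
    return fd < 0 ? -1 : close(fd);
}

/* Constructed tree: <root>/real is a directory, <root>/link a symlink to a
 * directory outside the root (both left in /tmp for inspection). Result bits:
 * 1 = real/f created, 2 = link/f refused, 4 = nothing created outside. */
static int demo(void)
{
    char root[] = "/tmp/fsm-root-XXXXXX", out[] = "/tmp/fsm-out-XXXXXX", p[PATH_MAX];
    if (!mkdtemp(root) || !mkdtemp(out))
        return -1;
    int rootfd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (rootfd < 0 || mkdirat(rootfd, "real", 0755) || symlinkat(out, rootfd, "link"))
        return -1;
    int r = (create_below(rootfd, "real/f") == 0 ? 1 : 0) | (create_below(rootfd, "link/f") < 0 ? 2 : 0);
    snprintf(p, sizeof(p), "%s/f", out);
    r |= access(p, F_OK) != 0 ? 4 : 0;
    close(rootfd);
    return r;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

A library that only accepts a path string cannot be handed the verified directory descriptor, so it resolves the path again from the start.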