[Rpm-maint] [rpm-software-management/rpm] First steps towards fixing the symlink CVEs (PR #1919)

Panu Matilainen notifications at github.com
Tue Feb 15 10:19:30 UTC 2022


This is now using fd or dirfd+basename for file ops within the fsm, as much as possible. Plugins pose special problems as external libraries generally don't support dirfd+basename style operation, but may still need to operate on symlinks, so we're stuck with "insecure" absolute paths there, for now at least.

I'm seeing a couple of install glitches on fresh chroot install still, but it's getting close now.
Of course a change this big and drastic *will* have bugs in it initially, I have no illusions about that.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1919#issuecomment-1040096878
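
As an added illustration of the dirfd+basename style of file operation the message describes (this is not code from rpm or from PR #1919): each path component is opened relative to the previous directory fd with `O_NOFOLLOW`, and the final operation uses the parent fd plus the basename. The function names `open_parent`, `create_empty` and `demo`, and the temporary directory tree, are hypothetical and constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk path (modified in place) below rootfd one component at a time, refusing
 * symlinks and "..". Returns the parent directory fd; *base is the final name. */
static int open_parent(int rootfd, char *path, const char **base) {
    int dirfd = dup(rootfd);
    for (char *slash; dirfd >= 0 && (slash = strchr(path, '/')) != NULL; path = slash + 1) {
        *slash = '\0';
        int next = strcmp(path, "..") == 0 ? -1
                 : openat(dirfd, path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(dirfd);
        dirfd = next;
    }
    *base = path;
    return dirfd;
}

/* Create an empty file by dirfd+basename. O_EXCL|O_NOFOLLOW turns a pre-planted
 * symlink at the final name into an error instead of a redirect. */
static int create_empty(int rootfd, char *path, mode_t mode) {
    const char *base;
    int dirfd = open_parent(rootfd, path, &base);
    if (dirfd < 0) return -1;
    int fd = openat(dirfd, base, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, mode);
    close(dirfd);
    return fd < 0 ? -1 : close(fd);
}

/* Constructed tree: <root>/real is a directory, <root>/link -> real.
 * Returns 1 when real/a.conf is created and link/b.conf is refused. */
int demo(void) {
    char root[] = "/tmp/fsm-demo-XXXXXX", good[] = "real/a.conf", via_link[] = "link/b.conf";
    int rootfd = mkdtemp(root) ? open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC) : -1;
    if (rootfd < 0 || mkdirat(rootfd, "real", 0755) || symlinkat("real", rootfd, "link")) return -1;
    int ok = create_empty(rootfd, good, 0644), bad = create_empty(rootfd, via_link, 0644);
    unlinkat(rootfd, "real/a.conf", 0);
    unlinkat(rootfd, "link", 0);
    unlinkat(rootfd, "real", AT_REMOVEDIR);
    close(rootfd);
    rmdir(root);
    return ok == 0 && bad < 0;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

A caller that can only hand over an absolute path, as in the plugin case the message mentions, gets no such guarantee, because every component of that path is resolved again at call time.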