[Rpm-maint] [rpm-software-management/rpm] First steps towards fixing the symlink CVEs (PR #1919)
Demi Marie Obenour
notifications at github.com
Tue Feb 15 16:37:51 UTC 2022
> This is now using fd or dirfd+basename for file ops within the fsm, as much as possible. Plugins pose special problems as external libraries generally don't support dirfd+basename style operation, but may still need to operate on symlinks so we're stuck with "insecure" absolute paths there, for now at least.

Cute (but non-portable) trick: use paths of the form `/dev/fd/$FDNUM/something`. Works at least on Linux.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1919#issuecomment-1040497270
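
The `/dev/fd` trick from the reply above, as an added example that is not part of the original message or of rpm's code: a path-only call (`lstat`) is handed `/dev/fd/<dirfd>/<name>` and reaches the same inode as `fstatat(dirfd, name)`, even after the directory's original absolute path has been replaced. The helper `fd_path`, the `demo` scenario and all file names are constructed for illustration; Linux is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build "/dev/fd/<dirfd>/<name>". name must be one path component, so the
 * only lookup below the pinned directory is the final one. */
int fd_path(int dirfd, const char *name, char *buf, size_t len)
{
    if (dirfd < 0 || !*name || strchr(name, '/') ||
        !strcmp(name, ".") || !strcmp(name, ".."))
        return -1;
    int n = snprintf(buf, len, "/dev/fd/%d/%s", dirfd, name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Constructed scenario: returns 0 when a path-only call (lstat) given the
 * /dev/fd path reaches the same inode as fstatat(dirfd, ...), although the
 * directory's original absolute path has been replaced in the meantime. */
int demo(void)
{
    char top[] = "/tmp/fdpath-XXXXXX", dir[PATH_MAX], old[PATH_MAX];
    char p[PATH_MAX + 16];
    struct stat by_fd, by_path, stale;
    if (!mkdtemp(top)) return -1;
    snprintf(dir, sizeof dir, "%s/pkg", top);
    snprintf(old, sizeof old, "%s/pkg.old", top);
    if (mkdir(dir, 0700)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    int fd = openat(dfd, "payload", O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (dfd < 0 || fd < 0) return -1;
    close(fd);
    /* From here on, "<top>/pkg" names a different, empty directory. */
    if (rename(dir, old) || mkdir(dir, 0700)) return -1;
    snprintf(p, sizeof p, "%s/payload", dir);
    int abs_missing = lstat(p, &stale) != 0;      /* absolute path is stale */
    int rc = !abs_missing || fd_path(dfd, "payload", p, sizeof p) ||
             lstat(p, &by_path) ||                /* path-only API, via fd */
             fstatat(dfd, "payload", &by_fd, AT_SYMLINK_NOFOLLOW) ||
             by_fd.st_ino != by_path.st_ino || by_fd.st_dev != by_path.st_dev;
    unlinkat(dfd, "payload", 0);
    close(dfd);
    rmdir(dir); rmdir(old); rmdir(top);
    return rc ? -1 : 0;
}
int main(void) { return demo() ? 1 : 0; }
```

The final component is still resolved by the callee, so a library that must not follow a symlink there has to use a no-follow call itself.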