[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature lengths assumed constant (again) (PR #1900)

Panu Matilainen notifications at github.com
Thu Jan 27 09:39:09 UTC 2022


Yes, I certainly didn't imply the whole codebase to be refactored to use a new memory-allocator, quite the contrary I almost added a mention *not* to do so to.

I've explained the IMA/fs-verify design flaw before: they are added to a finished build, so they can't go to the main header - the immutable section is out of the question, and as a dribble outside it they'd be just as unprotected as in the signature header, with just extra complexity and vulnerabilities to deal with. Nothing gained by that.

base2bin() doesn't execute on every single package out there, only those with fs-verity signatures, which is not many.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1900#issuecomment-1023019244
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/1900/c1023019244 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220127/3571dec9/attachment.html>


More information about the Rpm-maint mailing list