[Rpm-maint] [rpm-software-management/rpm] RFE: ensure unwritable buildroot during %check (Issue #3010)

norbert manthey notifications at github.com
Fri Apr 19 05:37:47 UTC 2024


Yes, this approach will never be complete. Something like the proposed feature is only a building block. For the other stages, there could also be the requirement to not modify files that have been available already. IMHO, other attack vectors should be addressed with other tools.

What data would you need to be more willing to accept a PR the implements the requested idea? While the hashing approach might be more IO heavy, it seems like a portable solution. Furthermore, this approach does not require extra permissions for additional jailing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3010#issuecomment-2065796737
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3010/2065796737 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240418/7c5ac7b0/attachment.html>


More information about the Rpm-maint mailing list