pmatilai at laiskiainen.org
Mon Jul 30 21:15:14 UTC 2007
On Mon, 30 Jul 2007, seth vidal wrote:
> On Mon, 2007-07-30 at 21:03 +0300, Panu Matilainen wrote:
>> Yum could just as well support "yum install http://..../foo.rpm" :)
>> Speaking of that, yum currently accesses package header before verifying
>> the signature, at least in the case of localinstall. I've some fuzzed
>> rpm's here that cause rpm to segfault if signature checking is
>> disabled as yum does... Dunno how exploitable that is in reality but there
>> is a potential vulnerability there anyway.
> 1. Can I get a copy of those rpms?
> 2. I've heard about the aforementioned mythic case of an exploit but
> never actually seen one. I could be wrong but I thought the case that
> was dangerous was not if gpg signature checking was disabled but if
> header checking in general was disabled. Changing yum's opener for pkgs
> so it does with hdr checking enabled is pretty simple to do - however,
> it'd be nice if I had a replicating case to check it out with.
BTW if it's of any comfort, apt is guilty of the same thing. Doh :)
- Panu -
More information about the devel