ABRT frustrating for users and developers

Jiri Moskovcak jmoskovc at redhat.com
Mon Jan 18 12:37:03 UTC 2010


On 01/18/2010 01:28 PM, Thomas Moschny wrote:
> 2010/1/18 Jiri Moskovcak<jmoskovc at redhat.com>:
>>> Plus abrt should run `rpm -V' on any rpm involved in the transaction (=if
>>> user does not have replaced the binary by some non-rpm "make install").
>>
>> ABRT used to do this (and still can, it's just disabled), but rpm -V uses
>> prelink to un-prelink the binaries to check the MD5 sum and security guys
>> don't like it.
>
> Can you explain what's the security problem here?
> The outcome would be a boolean and a reject to send the report (or at
> least a big warning).
>
> - Thomas

The problem is during the "un-prelink" part, please see these BZs:
546572, 546350, 546987, 546772

Jirka