RPM: signing uncompressed data instead of signed data?
robatino at fedoraproject.org
Thu Nov 11 14:29:54 UTC 2010
Bruno Wolff III wrote:
> Uncompressing hostile data is generally not a good thing to be doing.
> From that aspect it makes more sense to sign the compressed payload.
I was thinking that since the signature check usually passes, the data
could be uncompressed into a cache, checked there, then copied into
place (assuming the check passes). If the data is capable of escaping
from that sandbox before being checked, that's a serious security bug in
the compression software that should be fixed in any case.
(Sorry for not responding in-thread. Gmane isn't updating its list of
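The two orderings the thread argues about, as an added example (not code from the thread, from RPM or from either poster): an HMAC stands in for the OpenPGP signature, and the key, payload, tampered stream and cache limit are constructed.

```python
import hashlib
import hmac
import zlib
# Constructed demo key; an HMAC stands in for RPM's OpenPGP signature, the ordering point is the same.
KEY = b"constructed-demo-key"
CACHE_LIMIT = 1 << 20  # bound on what the decompressor may write into the cache

def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def check(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sig, sign(data))

def install_signed_compressed(comp: bytes, sig: bytes) -> bytes:
    # Signature over the compressed payload: the decompressor only ever sees checked bytes.
    if not check(comp, sig):
        raise ValueError("bad signature; payload never reached the decompressor")
    return zlib.decompress(comp)

def install_signed_uncompressed(comp: bytes, sig: bytes) -> bytes:
    # Sign uncompressed data (the mail's proposal): decompress into a capped cache, check there, release.
    # The decompressor runs on unverified input, so its output is capped and its errors contained.
    d = zlib.decompressobj()
    try:
        plain = d.decompress(comp, CACHE_LIMIT)
    except zlib.error as e:
        raise ValueError(f"decompressor fault on unverified input: {e}")
    if not d.eof:
        raise ValueError("output exceeds cache limit; unverified data discarded")
    if not check(plain, sig):
        raise ValueError("bad signature; cache discarded")
    return plain

def outcome(fn, comp: bytes, sig: bytes) -> str:
    try:
        fn(comp, sig)
        return "ok"
    except ValueError as e:
        return f"rejected: {e}"

def demo() -> dict:
    payload = b"constructed package contents\n"  # stands in for the archive payload
    comp = zlib.compress(payload)
    tampered = comp[:-1] + bytes([comp[-1] ^ 1])  # one bit flipped in transit
    bomb = zlib.compress(b"\0" * (8 * CACHE_LIMIT))  # tiny input, 8 MiB of output
    return {"good/compressed": outcome(install_signed_compressed, comp, sign(comp)),
            "tampered/compressed": outcome(install_signed_compressed, tampered, sign(comp)),
            "good/uncompressed": outcome(install_signed_uncompressed, comp, sign(payload)),
            "tampered/uncompressed": outcome(install_signed_uncompressed, tampered, sign(payload)),
            "bomb/uncompressed": outcome(install_signed_uncompressed, bomb, sign(payload))}
```

With the signature over the compressed payload, the tampered stream and the bomb are rejected before zlib runs at all; with the signature over the uncompressed data, both reach the decompressor and only the size cap and error handling keep the cache path safe.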