RPM: signing uncompressed data instead of signed data?

Andre Robatino robatino at fedoraproject.org
Thu Nov 11 14:29:54 UTC 2010


Bruno Wolff III wrote:

> Uncompressing hostile data is generally not a good thing to be doing.
> From that aspect it makes more sense to sign the compressed payload.

I was thinking that since the signature check usually passes, the data
could be uncompressed into a cache, checked there, then copied into
place (assuming the check passes). If the data is capable of escaping
from that sandbox before being checked, that's a serious security bug in
the compression software that should be fixed in any case.

(Sorry for not responding in-thread. Gmane isn't updating its list of
existing threads.)
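The two orderings under discussion, side by side, as an added example that is not part of the original post and not RPM's code. It assumes stand-ins throughout: an HMAC-SHA256 tag over constructed sample bytes in place of the OpenPGP signature, zlib in place of the payload compressor, and a size-capped bytearray in place of the on-disk cache. `verify_then_decompress` is Bruno's ordering (sign the compressed payload, so unverified bytes never reach the decompressor); `decompress_then_verify` is Andre's (inflate into a bounded staging area, verify there, then release the data for copying into place).

```python
"""Verify-then-decompress versus decompress-then-verify for a signed payload.

Added illustration, not RPM's code. An HMAC-SHA256 tag over constructed
sample bytes stands in for the OpenPGP signature, zlib stands in for the
payload compressor, and a bounded buffer stands in for the on-disk cache.
"""
import hashlib
import hmac
import zlib

SIGNING_KEY = b"constructed-demo-key"   # stand-in for the signer's private key
STAGING_LIMIT = 1 << 20                 # cap on the staging area (1 MiB), assumed


def sign(data: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(data), tag)


def decompress_to_staging(blob: bytes, limit: int = STAGING_LIMIT) -> bytes:
    """Inflate into a bounded buffer; refuse to produce more than `limit` bytes.

    Asking zlib for at most limit + 1 bytes means a stream that fits never
    hits the cap, while one that does not is cut off before it fills memory.
    """
    d = zlib.decompressobj()
    out = d.decompress(blob, limit + 1)
    if len(out) > limit:
        raise ValueError("uncompressed payload exceeds staging limit")
    return out + d.flush()


def verify_then_decompress(compressed: bytes, tag: bytes) -> bytes:
    """Signature covers the compressed payload: check it before inflating."""
    if not verify(compressed, tag):
        raise PermissionError("signature over compressed payload did not verify")
    return decompress_to_staging(compressed)


def decompress_then_verify(compressed: bytes, tag: bytes) -> bytes:
    """Signature covers the uncompressed payload: inflate into staging, then check."""
    staged = decompress_to_staging(compressed)   # the decompressor sees unverified input here
    if not verify(staged, tag):
        raise PermissionError("signature over uncompressed payload did not verify")
    return staged


def attempt(strategy, compressed: bytes, tag: bytes) -> str:
    """Run one strategy and report where it stopped, so the two can be compared."""
    try:
        strategy(compressed, tag)
    except PermissionError:
        return "rejected by signature check"
    except (zlib.error, ValueError):
        return "rejected inside decompressor"
    return "accepted"


def demo() -> dict:
    """Constructed inputs: a good payload, a corrupted stream, and an oversized one."""
    payload = b"constructed package payload line\n" * 256
    compressed = zlib.compress(payload)
    tag_over_compressed = sign(compressed)
    tag_over_payload = sign(payload)

    # Flip the last byte (part of zlib's trailing checksum), as corruption would.
    corrupted = bytearray(compressed)
    corrupted[-1] ^= 0x01
    corrupted = bytes(corrupted)

    # A highly compressible stream that inflates to twice the staging limit.
    oversized = zlib.compress(b"\0" * (2 * STAGING_LIMIT))

    return {
        "good/verify-first": attempt(verify_then_decompress, compressed, tag_over_compressed),
        "good/stage-first": attempt(decompress_then_verify, compressed, tag_over_payload),
        "corrupt/verify-first": attempt(verify_then_decompress, corrupted, tag_over_compressed),
        "corrupt/stage-first": attempt(decompress_then_verify, corrupted, tag_over_payload),
        "oversized/verify-first": attempt(verify_then_decompress, oversized, tag_over_compressed),
        "oversized/stage-first": attempt(decompress_then_verify, oversized, tag_over_payload),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} {outcome}")
```

The difference shows up in the failure cases: with the signature over the compressed bytes, a corrupted or oversized stream is refused before the decompressor runs at all; with the signature over the uncompressed bytes, the decompressor is the first thing to process untrusted input, so the staging step has to carry its own bounds, which is exactly why the size cap in `decompress_to_staging` is not optional in that ordering.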
