[Rpm-devel] Yum inputs
andy at warmcat.com
Sat Aug 26 07:47:08 EDT 2006
Andy Green wrote:
> I presume the XML isn't signed by anyone since really the repo machine
> is generating it?
Just following up, yum-metadata-parser
/usr/lib/python2.4/site-packages/_sqlitecache.so uses libxml2. This is
reaching back to 2004 but there have been "multiple buffer overflows" there
An attacker that can control the content of a mirror and knows a flaw in
libxml2 could create evil xml files that will be hoovered up by any and
all yum users and gain control of their yum running as root. I guess
because of what rpm and yum do for a living, selinux has limited
opportunity to get in the way of an attack.
I realize this is hypothetical and needs a few bad planets in alignment
all at once, but... just sayin'...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.dulug.duke.edu/pipermail/rpm-devel/attachments/20060826/ad39f902/smime.bin
More information about the Rpm-devel