Mailinglist Archive: zypp-devel (70 mails)

Re: [zypp-devel] Re: [zypp-commit] r7726 - in /trunk/sat-solver: src/solver.c testsuite/deptestomatic.c tools/repo_content.c
  • From: Klaus Kaempf <kkaempf@xxxxxxx>
  • Date: Wed, 31 Oct 2007 15:08:11 +0100
  • Message-id: <20071031140811.GA15599@xxxxxxxxxxxxx>
* Stephan Kulow <coolo@xxxxxxx> [Oct 31. 2007 13:36]:

For the use case of "non-root user has rights to install updates",
updates must be strictly monotonic increasing. Otherwise it's a security
hole since this user could install older software with known risks.

Then the application doing the update shouldn't INSTALL_SOLVABLE a solvable
it knows should not be installed. Hardly job of the solver.

Depends on the application <-> solver interface and where the
'access granted' decision is taken. According to security, this
decision must not be taken by the application.
So you have to enforce the 'do not downgrade' policy somewhere
outside of the application.


Klaus
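
An added example, not part of the original message and not sat-solver code: one way a privileged layer outside the application could enforce the "do not downgrade" policy discussed above. The struct names, `check_install`, the simplified `vercmp` (not rpm's full version rules) and the sample package versions are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified version compare (assumption: not rpm's full EVR rules). */
static int vercmp(const char *a, const char *b)
{
    while (*a || *b) {
        while (*a && !isalnum((unsigned char)*a)) a++;   /* skip separators */
        while (*b && !isalnum((unsigned char)*b)) b++;
        if (!*a || !*b) break;
        int num = isdigit((unsigned char)*a) != 0;
        if (num != (isdigit((unsigned char)*b) != 0)) return num ? 1 : -1;
        if (num) { while (*a == '0') a++; while (*b == '0') b++; }
        const char *sa = a, *sb = b;
        while (num ? isdigit((unsigned char)*a) : isalpha((unsigned char)*a)) a++;
        while (num ? isdigit((unsigned char)*b) : isalpha((unsigned char)*b)) b++;
        size_t la = (size_t)(a - sa), lb = (size_t)(b - sb);
        /* numbers of different length are decided by length alone */
        int c = (num && la != lb) ? 0 : strncmp(sa, sb, la < lb ? la : lb);
        if (c) return c < 0 ? -1 : 1;
        if (la != lb) return la > lb ? 1 : -1;
    }
    return *a ? 1 : (*b ? -1 : 0);
}

struct installed { const char *name, *version; };
struct request   { const char *name, *candidate; int is_root; };
enum verdict { ALLOW, DENY_DOWNGRADE };

/* Constructed sample data standing in for the installed-package database. */
static const struct installed SAMPLE_DB[] = {
    { "openssl", "0.9.8e-45" }, { "bash", "3.2-61" } };

/* Hypothetical gate in the privileged layer: the unprivileged caller only
 * names a candidate; installed versions come from the trusted database. */
enum verdict check_install(const struct request *r, const struct installed *db, size_t n)
{
    if (r->is_root) return ALLOW;
    for (size_t i = 0; i < n; i++)
        if (!strcmp(db[i].name, r->name) && vercmp(r->candidate, db[i].version) < 0)
            return DENY_DOWNGRADE;
    return ALLOW;
}

int main(void)
{
    struct request r = { "openssl", "0.9.8a-1", 0 };   /* constructed request */
    return puts(check_install(&r, SAMPLE_DB, 2) == ALLOW ? "allow" : "deny: downgrade") < 0;
}
```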
