Mailinglist Archive: zypp-devel (59 mails)
| < Previous | Next > |
Re: [zypp-devel] Re: [zypp-commit] r11689 - /trunk/zypper/src/Zypper.cc
- From: Michael Schroeder <mls@xxxxxxx>
- Date: Mon, 17 Nov 2008 17:22:20 +0100
- Message-id: <20081117162220.GA26738@xxxxxxx>
On Mon, Nov 17, 2008 at 05:13:50PM +0100, Jan Kupec wrote:
I think so, there exists lots of attacks which exploit exaclty such
races.
Please do.
Thanks,
Michael.
--
Michael Schroeder mls@xxxxxxx
SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
Should be. The packagesPath dir is only used to copy the .rpm file from
repo; any file with the same name is overwritten, then the rpm is
installed & removed. An attacker would need to put a malicious rpm in
place of the original very quickly. Is that an issue?
I think so, there exists lots of attacks which exploit exaclty such
races.
If yes, i can
change it to a TmpDir existing during lifetime of zypper.
Please do.
Thanks,
Michael.
--
Michael Schroeder mls@xxxxxxx
SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
| < Previous | Next > |