[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Attention: Proprietary video driver users (ATI, Nvidia, etc.)




Correction.. non-crackrock rpms would not create a problem.  You can
do an amazing amount of damage via postinstall scripts inside
packages. It wouldn't be all that difficult to create an nvidia rpm
that dropped the nvidia installer on the system and then ran the
installer via postinstall script. In fact I'm pretty sure I've seen
that sort of beast in the wild at some point.  If your security is so
tight that postinstall actions during rpm packages would generally
fail when tampering with other package's files.. then you break lots
of postinstall actions.
I think rpm scripts already run within rpm_script_t domain which is confined on strict policy. Not sure how extensive the confinement is (I don't think it's very extensive).

What kind of scripts legitimately need to tamper with other packages' files? Examples?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]