[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RPM security (a newbie question)



Todd Zullinger wrote:
By policy, there are things that rpm scriptlets should not do.  But if
you created an rpm which had a %post section containing rm -rf /, rpm
would run it AFAIK.

Oh! 8-O

I wonder how easy it is to create a rootkit/trojan horse/whatever
and get it loaded on Fedora users' computers.

You would need to create a trojan package and get it onto the mirrors,
signed by the Fedora package signing key for a particular release.
This is not an easy task

Really? Have you seen a list telling you who reviewed which package before it got signed with Fedora key?

Probably there are lots of packages reviewed by their authors only?

STF

=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434  25D7 E87F A1B9 B80F 8062
=======================================================================

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]