diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2022-02-10 14:32:43 +0200 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2022-02-16 10:57:18 +0200 |
| commit | 96ec957e281220f8e137a2d5eb23b83a6377d556 (patch) | |
| tree | 80549990bc4e3393b2dd3db378afa6bb08fa3232 /INSTALL | |
| parent | fb13f7fd9eff012cb7b9dbf94ac5381c69404055 (diff) | |
| download | rpm-96ec957e281220f8e137a2d5eb23b83a6377d556.tar.gz | |
Validate intermediate symlinks during installation, CVE-2021-35939
Whenever directory changes during unpacking, walk the entire tree from
starting from / and validate any symlinks crossed, fail the install
on invalid links.
This is the first of step of many towards securing our file operations
against local tamperers and besides plugging that one CVE, paves the way
for the next step by adding the necessary directory fd tracking.
This also bumps the rpm OS requirements to a whole new level by requiring
the *at() family of calls from POSIX-1.2008.
This necessarily does a whole lot of huffing and puffing we previously
did not do. It should be possible to cache secure (ie root-owned)
directory structures to avoid validating everything a million times
but for now, just keeping things simple.
Diffstat (limited to 'INSTALL')
| -rw-r--r-- | INSTALL | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -103,6 +103,8 @@ option to configure). For GCC, OpenMP 4.5 is fully supported since GCC 6.1, which is available from http://www.gnu.org/ +Rpm requires a POSIX.1-2008 level operating system. + To compile RPM: -------------- |