oss-sec mailing list archives
Re: Using quilt on untrusted RPM spec files
From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 18 Oct 2018 16:57:29 +0200
* Randy Barlow <randy () electronsweatshop com>, 2018-09-27, 22:39:
> In Fedora we have similar challenges. We've got a tool called fedora-review[0] that is maybe kinda similar to quilt.

Quilt is a tool to manage patch series, so maybe not that similar. :-)

> It uses mock[1] to build the source RPM (and mock does this in a chroot to help with the problems you described)

If it's really just chroot, then I'm afraid that's not a sufficient protection. One can easily escape the chroot with ptrace(2).

-- Jakub Wilk