[Yum] Security issues with include= implementation in yum.conf
Matthias Saou
thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Sat Oct 4 19:06:44 UTC 2003
seth vidal wrote :
> My general take is that this is no big deal - but there is the possibility
> for much abuse and much flexibility. Hard call between the two of them.
Exactly my thought, and I'd have to add :
- Don't put any network includes at all, nor any includes to files users
other than root can modify, in a default package configuration of yum.
- Let anyone set includes as they like later on, but with big warnings
about the existence and possible security issues of the network ones in
the documentation (man page & howto).
Matthias
--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Raw Hide 20031002 - Linux kernel 2.4.22-20.1.2024.2.36.nptl
Load : 0.03 0.11 0.15
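
Added example (not part of the original message, and not yum's own code): one way an administrator could audit a yum.conf for the two kinds of include= targets the message warns about, network locations and files that someone other than root can modify. The set of URL schemes, the sample configuration and every host and path in it are assumptions constructed for illustration.

```python
import os
import stat
from urllib.parse import urlparse

# Assumption: schemes treated as "network includes" for this audit.
NETWORK_SCHEMES = {"http", "https", "ftp"}

# Constructed sample configuration; hosts and paths are made up.
SAMPLE_CONF = """\
[main]
cachedir=/var/cache/yum
include=http://mirror.example/yum-extra.conf
include=file:///etc/yum.d/site.conf
# include=ftp://mirror.example/commented-out.conf
include=/home/builder/repos.conf
"""

def audit_includes(conf_text, stat_fn=os.stat):
    """Return (line_no, target, reason) for every risky include= line."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        key, sep, value = line.partition("=")
        if line.startswith("#") or not sep or key.strip().lower() != "include":
            continue
        target = value.strip()
        url = urlparse(target)
        if url.scheme in NETWORK_SCHEMES:
            findings.append((line_no, target, "network include"))
            continue
        # file:// URLs and bare paths are checked on the local filesystem.
        path = url.path if url.scheme == "file" else target
        try:
            st = stat_fn(path)
        except OSError:
            findings.append((line_no, target, "target missing"))
            continue
        if st.st_uid != 0:
            findings.append((line_no, target, "not owned by root"))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((line_no, target, "group/world writable"))
    return findings

if __name__ == "__main__":
    for finding in audit_includes(SAMPLE_CONF):
        print(finding)
```

The check covers only the include target itself; a parent directory writable by a non-root user would need the same test.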