[Yum] Security issues with include= implementation in yum.conf

Matthias Saou thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Sat Oct 4 19:06:44 UTC 2003


seth vidal wrote :

> My general take is that this is no big deal - but there is the possibility
> for much abuse and much flexibility. Hard call between the two of them.

Exactly my thought, and I'd have to add :
- Don't put any network includes at all, nor any includes to files users
  other than root can modify, in a default package configuration of yum.
- Let anyone set includes as they like later on, but with big warnings
  about the existence and possible security issues of the network ones in
  the documentation (man page & howto).

Matthias

-- 
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Raw Hide 20031002 - Linux kernel 2.4.22-20.1.2024.2.36.nptl
Load : 0.03 0.11 0.15
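
An added example, not part of the original message and not yum's own code: a small audit that applies the two rules above to a yum.conf, flagging network includes and local includes that a user other than root could modify. It assumes include= takes either a URL or a plain path; the sample config, host names and paths are constructed.

```python
import os
import stat
from urllib.parse import urlparse

# Constructed sample, not taken from any real package.
SAMPLE = """\
[main]
cachedir=/var/cache/yum
include=http://mirror.example.invalid/yum-extra.conf
[base]
# include=ftp://commented.example.invalid/x.conf
include=file:///etc/yum.d/base.conf
"""

def find_includes(text):
    """Return [(section, target)] for each active include= line."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line and line[0] not in "#;":  # skip blanks and comments
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "include":
                found.append((section, value.strip()))
    return found

def local_risk(path):
    """Reason a non-root user could change path, else None. Walks up to /."""
    p = os.path.abspath(path)
    while True:
        try:
            st = os.stat(p)
        except OSError:
            return f"{p}: cannot stat"
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return f"{p}: not root-owned, or group/world-writable"
        if os.path.dirname(p) == p:  # reached the filesystem root
            return None
        p = os.path.dirname(p)

def audit(text, check=local_risk):
    """Return [(section, target, reason)] for includes that break either rule."""
    findings = []
    for section, target in find_includes(text):
        url = urlparse(target)
        if url.scheme and url.scheme != "file":
            findings.append((section, target, "network include"))
        elif (reason := check(url.path if url.scheme else target)):
            findings.append((section, target, reason))
    return findings
```

Run audit() on the text of a packaged default configuration; an empty list means it contains no network includes and no includes a non-root user can alter.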


