glibc post upgrade
Stephen Smalley
sds at epoch.ncsc.mil
Wed Aug 25 14:02:01 UTC 2004
On Wed, 2004-08-25 at 09:54, Jeff Johnson wrote:
> That's the point. Lua is embedded, would be run by rpm, and no re-exec
> because of internal state.
Ok. And the lua "program" would still be extracted from the (possibly
untrustworthy) package contents, as with current helpers like
glibc_post_upgrade? So a package can carry arbitrary malicious lua code
and get it executed by rpm?
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list