glibc post upgrade

Stephen Smalley sds at epoch.ncsc.mil
Wed Aug 25 14:02:01 UTC 2004


On Wed, 2004-08-25 at 09:54, Jeff Johnson wrote:
> That's the point. Lua is embedded, would be run by rpm, and no re-exec 
> because of internal state.

Ok.  And the lua "program" would still be extracted from the (possibly
untrustworthy) package contents, as with current helpers like
glibc_post_upgrade?  So a package can carry arbitrary malicious lua code
and get it executed by rpm?

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list