RPM Community Forums

Mailing List Message of <popt-devel>

Re: Adding poptSecuritySaneFile to popt-1.15?

From: Jeff Johnson <n3npq@mac.com>
Date: Fri 19 Dec 2008 - 17:19:31 CET
Message-id: <1F9E8CFC-0614-47E1-A5BE-E4A80EB3A0A7@mac.com>

On Dec 19, 2008, at 11:11 AM, Ralf S. Engelschall wrote:

> On Fri, Dec 19, 2008, Ralf S. Engelschall wrote:
>
>> On Fri, Dec 19, 2008, Jeff Johnson wrote:
>>
>>> (resent, dunno where the 1st message went)
>>
>> I don't know, never seen on the list...
>>
>>> I kind of like the idea of using a '@' before a file path as an
>>> "attention" marker to increase the file validation checks, and so I'm
>>> likely to refactor the functionality out of rpm and into popt-1.15 as
>>> part of simplifying rpm configuration/initialization.
>>>
>>> At the same time, I will probably add a new poptReadConfigFiles()
>>> method whose argument will be a colon separated list of configuration
>>> file paths to read.
>>>
>>> Any other opinions?
>>
>> As long as the particular security check (here rpmSecuritySaneFile
>> for RPM_VENDOR_OPENPKG) embedded into POPT can be optionally still
>> overridden from within RPM (in case one needs some additional checks or
>> a different error message or whatever) I'm happy. Perhaps an optional
>> callback does the trick.
>
> BTW, under RPM_VENDOR_OPENPKG the "@" attention marker is not just used
> for POPT files. It is also used for RPM macro files and Lua script
> files! So, please be careful that instead of a "factoring out" not a
> "partial removal" happens to the functionality.
>

Understood. What I like is the idea of a '@' attention in-band, not which
particular config file reading has chosen '@' attention.

I will likely drill similar into lua bootstrapping (if not there already).
I like consistency no matter what. But there are other issues to deal
with there permitting external system lua module loading that have
to be addressed. I have no intent of changing anything, but as you know,
the embedded lua is all snarled up throughout rpm misc/rpmio/lib ...

> For completeness reasons, here is how OpenPKG 4 configures RPM 5:
>
> | [...]
> | #   determine POPT option, RPM macros and Lua script file paths
> | RPMPOPT="%{l_prefix}/lib/openpkg/rpmpopt"
> | RPMPOPT="$RPMPOPT:%{l_prefix}/etc/openpkg/rpmpopt"
> | RPMPOPT="$RPMPOPT:%{l_prefix}/etc/openpkg/rpmpopt.d/*"
> | RPMPOPT="$RPMPOPT:~/.openpkg/rpmpopt"
> | RPMPOPT="$RPMPOPT:@../../.openpkg/rpmpopt"
> | RPMPOPT="$RPMPOPT:@../.openpkg/rpmpopt"
> | RPMPOPT="$RPMPOPT:@./.openpkg/rpmpopt"
> | RPMMACROS="%{l_prefix}/lib/openpkg/rpmmacros"
> | RPMMACROS="$RPMMACROS:%{l_prefix}/etc/openpkg/rpmmacros"
> | RPMMACROS="$RPMMACROS:%{l_prefix}/etc/openpkg/rpmmacros.d/*"
> | RPMMACROS="$RPMMACROS:~/.openpkg/rpmmacros"
> | RPMMACROS="$RPMMACROS:@../../.openpkg/rpmmacros"
> | RPMMACROS="$RPMMACROS:@../.openpkg/rpmmacros"
> | RPMMACROS="$RPMMACROS:@./.openpkg/rpmmacros"
> | RPMLUA="%{l_prefix}/lib/openpkg/rpmlua"
> | RPMLUA="$RPMLUA:%{l_prefix}/etc/openpkg/rpmlua"
> | RPMLUA="$RPMLUA:%{l_prefix}/etc/openpkg/rpmlua.d/*"
> | RPMLUA="$RPMLUA:~/.openpkg/rpmlua"
> | RPMLUA="$RPMLUA:@../../.openpkg/rpmlua"
> | RPMLUA="$RPMLUA:@../.openpkg/rpmlua"
> | RPMLUA="$RPMLUA:@./.openpkg/rpmlua"
> |
> | #   configure program
> | ./configure \
> |     --cache-file=./config.cache \
> |     --prefix=%{l_prefix} \
> |     --mandir="%{l_prefix}/man" \
> |     --includedir="%{l_prefix}/include/openpkg" \
> |     --with-name="OpenPKG RPM" \
> |     --with-path-cfg="%{l_prefix}/etc/openpkg" \
> |     --with-path-rpmpopt="$RPMPOPT" \
> |     --with-path-macros="$RPMMACROS" \
> |     --with-path-rpmlua="$RPMLUA" \
> |     [...]
>
> As you can see, the attention markers are especially used on all paths
> relative to the current working directory. This allows OpenPKG to use a
> very flexible file-system layout with RPM (based on some additional RPM
> macro hacking) while at the same time not open a security hole.
>

Thanks for the clear and explicit example, that will help me find what I'm
not supposed to break ;-)

73 de Jeff

Received on Fri Dec 19 17:21:02 2008