On Sun, 2008-09-07 at 14:30 -0400, Jeff Johnson wrote:
> On Sep 7, 2008, at 2:19 PM, Alexey Tourbin wrote:
>
> > On Sun, Sep 07, 2008 at 12:10:18PM -0400, Jeff Johnson wrote:
> >> There's a class of infinite recursion problems with manifests used
> >> on the rpm CLI that I don't know how to fix.
> >>
> >> A manifest is a file containing a list of paths to packages (or other
> >> manifests)
> >
> > Forbid manifest files from within manifests.
>
> Actually I think you're on to something here.
>
> I can easily associate a recursion level with each arg, and do level++
> when opening item as a manifest.
>
> With a recursion level, the recursion can be limited.
>
> So "Forbid manifests" becomes the same as "fail if level > 0", and
> forbidding manifests within manifests is the same as "fail if level > 1".
>
> Note that URIs are also permitted in manifests, and so "cross site
> scripting" needs to be avoided with URI affinity as well.

Instead of using a list, use a tree. Make level 0 the spec you're
starting at, build the tree down a level each time you process a list,
and refuse to put the same item in the tree twice.
--
Doug Ledford <dledford@redhat.com>
GPG KeyID: CFBFF194
http://people.redhat.com/dledford
Infiniband specific RPMs available at
http://people.redhat.com/dledford/Infiniband
Received on Mon Sep 8 16:00:27 2008
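
The two ideas in this thread (a recursion level per argument, and a tree that refuses to hold the same item twice) combined in one sketch. This is an added example, not rpm's code and not written by anyone in the thread; the in-memory `MANIFESTS` table, the `.mft` names and the `expand` function are assumptions made for illustration.

```python
# Constructed sample data: manifest path -> entries. Not rpm's on-disk format.
MANIFESTS = {
    "top.mft": ["a.rpm", "sub.mft", "loop.mft"],
    "sub.mft": ["b.rpm", "a.rpm", "deep.mft"],
    "deep.mft": ["c.rpm"],
    "loop.mft": ["top.mft", "d.rpm"],  # points back at its ancestor
    "self.mft": ["self.mft"],          # lists itself
}


class ManifestError(Exception):
    """Raised when a manifest is opened deeper than the allowed level."""


def expand(args, max_level=None, manifests=MANIFESTS):
    """Expand command-line args into (packages, skipped).

    Args sit at level 0; opening a manifest puts its entries at level + 1.
    max_level=0 forbids manifests, max_level=1 forbids manifests within
    manifests, None means no depth limit. Each item may enter the tree
    once, so a cycle is cut at the first repeated item.
    """
    seen = set()     # every item already placed in the tree
    packages = []    # leaves, in discovery order
    skipped = []     # (item, level) pairs refused as duplicates

    def visit(item, level):
        if item in seen:
            skipped.append((item, level))
            return
        seen.add(item)
        if item not in manifests:        # a leaf: treat it as a package path
            packages.append(item)
            return
        if max_level is not None and level >= max_level:
            raise ManifestError(f"manifest {item!r} not allowed at level {level}")
        for child in manifests[item]:
            visit(child, level + 1)

    for arg in args:
        visit(arg, 0)
    return packages, skipped


if __name__ == "__main__":
    print(expand(["top.mft"]))
```

The duplicate check alone guarantees termination, because the recursion can visit each distinct item at most once; the level limit is a separate policy knob on top of it.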