-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: Fork Lua scriptlets too #2635
Comments
This was referenced Sep 12, 2023
Closed
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Suggested-by: Johannes Segitz <[email protected]> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Suggested-by: Johannes Segitz <[email protected]> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 28, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <[email protected]> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 28, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <[email protected]> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Oct 9, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <[email protected]> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
that referenced
this issue
Oct 11, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <[email protected]> Fixes: #2632 Fixes: #2665
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I could've sworn there is a ticket on this already but can't find it 馃憖
Currently rpm runs scriptlets in two drastically different ways: the "normal" scriptlets go through fork() + exec() whereas Lua scriptlets run inline in the main rpm process. Not having to exec() is a feature, because it allows Lua to run in the void of an empty chroot, but not forking is a problem as it allows arbitrary scriptlets to mess with rpm configuration and whatnot. Besides being a multi-way security hazard as it is, the "small" difference and the imbalance it creates effectively prevents other enhancements in this area (eg #2617, #2636), requires a separate Lua-specific API to be maintained for file triggers and whatnot.
The text was updated successfully, but these errors were encountered: