-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: run scriptlets in selective filesystem isolation #2665
Labels
Comments
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Suggested-by: Johannes Segitz <jsegitz@suse.de> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Suggested-by: Johannes Segitz <jsegitz@suse.de> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 28, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <jsegitz@suse.de> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Sep 28, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <jsegitz@suse.de> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
to pmatilai/rpm
that referenced
this issue
Oct 9, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (rpm-software-management#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <jsegitz@suse.de> Fixes: rpm-software-management#2632 Fixes: rpm-software-management#2665
pmatilai
added a commit
that referenced
this issue
Oct 11, 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are: - Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (eg /home) and the scriptlets from themselves (eg insecure /tmp usage) - Optionally disable network access during scriptlet execution Note that at this time, scriplets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (#2635). Add a testcase for private /tmp Suggested-by: Johannes Segitz <jsegitz@suse.de> Fixes: #2632 Fixes: #2665
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Inspired by #2617:
Scriptlets sometimes use /tmp insecurely, on platforms that support it (Linux at least) we could run scriptlets with private /tmp to enforce the matter.
Another,a kind of an opposite, use-case could be protect /home against naughty packages trying to peek in there (which they have absolutely zero business doing): just give scriptlets a private /home.
This could be easily made configurable so people can tune + protect for local needs.
To cover all scriptlets, we'd need #2635 first. Whether that's an actual blocker is a separate question, it doesn't have to be an all-or-nothing thing.
The text was updated successfully, but these errors were encountered: