[CentOS-devel] why provide debuginfo
Pär Andersson
paran at nsc.liu.se
Fri Apr 10 18:29:01 UTC 2009
Charlie Brady wrote:
> It's not obvious to me what the attack vector would be with unsigned
> debuginfo packages...

1. Get people to download packages from you instead of the real
   debuginfo.centos.org by a MITM attack, DNS poisoning or whatever.
2. Send modified malicious packages instead of the real ones.

Debuginfo packages are (AFAIK) ordinary RPM packages so they can contain evil
binaries, install a rootkit in their post-install script or something like that.

/Pär
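
An added example, not part of the original message: a shell check for the defensive side of the point above, listing enabled yum repo sections that do not turn on package signature checking. The function names, the sample repo file and its URLs are constructed, and a gpgcheck value inherited from [main] is not resolved.

```shell
#!/bin/sh
# List enabled yum repo sections that do not set gpgcheck=1.
# Simplification: a gpgcheck value inherited from [main] in yum.conf is not
# resolved, so a section without its own gpgcheck line is reported.
unsigned_repos() {
    awk '
        function report() {
            if (id != "" && id != "main" && enabled != "0" && gpgcheck != "1")
                print id
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                # start of a new [section]
            report()
            id = $0
            sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
            enabled = "1"; gpgcheck = ""        # yum enables repos by default
            next
        }
        /^[ \t]*(enabled|gpgcheck)[ \t]*=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
            if (key == "enabled") enabled = val; else gpgcheck = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample repo file (names and URLs are placeholders).
sample_repo() {
    cat <<'EOF'
[base]
baseurl=http://mirror.example/os/
gpgcheck=1
[debuginfo]
baseurl=http://debuginfo.example/
enabled=1
gpgcheck=0
[testing]
baseurl=http://mirror.example/testing/
enabled=0
gpgcheck=0
[extras]
baseurl=http://mirror.example/extras/
EOF
}

sample_repo | unsigned_repos
```

To audit a real system, call `unsigned_repos /etc/yum.repos.d/*.repo`; a single downloaded package can be checked with `rpm -K`.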