I think @rhdesmond is in the situation of needing to process RPM databases that
come from untrusted container images. These databases might be malicious and
might try to exploit a bug in librpm to compromise the vulnerability scanner.
Such a bug would arguably be out of scope for librpm because it would require
root privileges to exploit, but in this case the root filesystem itself is
untrusted. That’s why I suggested compiling librpm via WebAssembly, so that
the impact of a compromise is limited.
Without a trick like this, the only other approach that meets certain security
requirements is to create a new virtual machine for each and every container
being scanned, which is slow, uses lots of memory, and is incompatible with
most cloud environments.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2211#discussioncomment-7491327
You are receiving this because you are subscribed to this thread.
Message ID:
<rpm-software-management/rpm/repo-discussions/2211/comments/7491...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
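As an added illustration of the threat model in the message above (example code written for this page, not code from librpm or from the GitHub discussion): a small bounds-checked parser for the RPM header layout (8-byte magic, index count, data-store length, 16-byte index entries, data store), run over constructed blobs that are well-formed, that point an entry outside the data store, that carry a count whose byte size wraps 32-bit arithmetic, and that omit a string terminator. The tag numbers RPMTAG_NAME (1000) and RPMTAG_SIZE (1009) and the type codes are rpm's; the size caps, the `HeaderError` class and the helper names are this example's own choices. The checks are the ones any header parser needs and the example does not claim librpm lacks any of them; the point of the WebAssembly proposal is that if one were missing, the damage would stay inside the sandbox.

```python
"""Bounds-checked parser for an RPM header blob (hypothetical example).

Layout of the RPM package header section (all integers big-endian):
  8 bytes    magic 8e ad e8 01 followed by 4 reserved zero bytes
  4 bytes    il = number of index entries
  4 bytes    dl = length of the data store
  il * 16    index entries: tag, type, offset, count (int32 each)
  dl bytes   data store
"""
import struct

HEADER_MAGIC = b"\x8e\xad\xe8\x01\x00\x00\x00\x00"
ENTRY_FMT = ">iiii"
ENTRY_SIZE = 16

# rpm tag data types
(T_NULL, T_CHAR, T_INT8, T_INT16, T_INT32, T_INT64,
 T_STRING, T_BIN, T_STRING_ARRAY, T_I18NSTRING) = range(10)
FIXED_SIZE = {T_CHAR: 1, T_INT8: 1, T_INT16: 2, T_INT32: 4, T_INT64: 8, T_BIN: 1}
UNPACK_CODE = {T_INT8: "B", T_INT16: "H", T_INT32: "I", T_INT64: "Q"}
ALIGN = {T_INT16: 2, T_INT32: 4, T_INT64: 8}
STRING_TYPES = {T_STRING, T_STRING_ARRAY, T_I18NSTRING}

# Caps chosen for this example: a hostile il/dl must not be allowed to drive
# allocation sizes or multiplications out of range before any entry is read.
MAX_ENTRIES = 0xFFFF
MAX_DATA = 0x0FFFFFFF

RPMTAG_NAME, RPMTAG_SIZE = 1000, 1009


class HeaderError(ValueError):
    """Raised for any blob that fails a structural check."""


def parse_header(blob: bytes) -> dict:
    """Return {tag: value} for a header blob, or raise HeaderError."""
    if len(blob) < 16 or blob[:8] != HEADER_MAGIC:
        raise HeaderError("bad magic or truncated preamble")
    il, dl = struct.unpack(">ii", blob[8:16])
    if not (0 < il <= MAX_ENTRIES) or not (0 < dl <= MAX_DATA):
        raise HeaderError(f"unreasonable il={il} dl={dl}")
    index_end = 16 + il * ENTRY_SIZE
    if index_end + dl > len(blob):
        raise HeaderError("il/dl claim more bytes than the blob holds")
    data = blob[index_end:index_end + dl]
    result = {}
    for i in range(il):
        tag, typ, off, cnt = struct.unpack_from(ENTRY_FMT, blob, 16 + i * ENTRY_SIZE)
        if typ not in FIXED_SIZE and typ not in STRING_TYPES:
            raise HeaderError(f"entry {i}: unknown type {typ}")
        if off < 0 or off >= dl or cnt <= 0:
            raise HeaderError(f"entry {i}: offset {off} / count {cnt} outside data store")
        if off % ALIGN.get(typ, 1):
            raise HeaderError(f"entry {i}: misaligned offset {off} for type {typ}")
        if typ in FIXED_SIZE:
            # Python ints do not wrap; in C this multiply must be overflow-checked
            # or a count like 0x40000000 * 4 silently becomes 0 and passes.
            need = FIXED_SIZE[typ] * cnt
            if off + need > dl:
                raise HeaderError(f"entry {i}: {need} bytes at {off} overrun data store of {dl}")
            result[tag] = _fixed(data, typ, off, cnt)
        else:
            if typ == T_STRING and cnt != 1:
                raise HeaderError(f"entry {i}: STRING entry with count {cnt}")
            result[tag] = _strings(data, typ, off, cnt, i)
    return result


def _fixed(data: bytes, typ: int, off: int, cnt: int):
    chunk = data[off:off + FIXED_SIZE[typ] * cnt]
    if typ in (T_CHAR, T_BIN):
        return chunk
    return list(struct.unpack(f">{cnt}{UNPACK_CODE[typ]}", chunk))


def _strings(data: bytes, typ: int, off: int, cnt: int, i: int):
    # Every string must be NUL-terminated *inside* the data store; a missing
    # terminator is exactly the kind of input that walks a C parser past the buffer.
    out, pos = [], off
    for _ in range(cnt):
        end = data.find(b"\x00", pos)
        if end < 0:
            raise HeaderError(f"entry {i}: unterminated string runs off the data store")
        out.append(data[pos:end].decode("utf-8", "replace"))
        pos = end + 1
    return out[0] if typ == T_STRING else out


def build_header(entries) -> bytes:
    """Assemble a blob from (tag, type, payload, count) tuples (test helper)."""
    data, index = bytearray(), []
    for tag, typ, payload, cnt in entries:
        while len(data) % ALIGN.get(typ, 1):
            data.append(0)
        index.append(struct.pack(ENTRY_FMT, tag, typ, len(data), cnt))
        data += payload
    return HEADER_MAGIC + struct.pack(">ii", len(index), len(data)) + b"".join(index) + bytes(data)


def rejects(blob: bytes) -> bool:
    try:
        parse_header(blob)
        return False
    except HeaderError:
        return True


# Constructed sample blobs (not taken from any real package or rpmdb).
BENIGN = build_header([(RPMTAG_NAME, T_STRING, b"bash\x00", 1),
                       (RPMTAG_SIZE, T_INT32, struct.pack(">I", 1234), 1)])
# Entry 0's offset field (bytes 24..28) pointed far outside the 12-byte data store.
BAD_OFFSET = BENIGN[:24] + struct.pack(">i", 0x7FFFFFFF) + BENIGN[28:]
# count * 4 == 2**32, which wraps to 0 in 32-bit C arithmetic.
BAD_COUNT = build_header([(RPMTAG_SIZE, T_INT32, struct.pack(">I", 1234), 0x40000000)])
# String with no NUL anywhere before the end of the data store.
UNTERMINATED = build_header([(RPMTAG_NAME, T_STRING, b"bash", 1)])

if __name__ == "__main__":
    print(parse_header(BENIGN))
    for name, blob in (("BAD_OFFSET", BAD_OFFSET), ("BAD_COUNT", BAD_COUNT), ("UNTERMINATED", UNTERMINATED)):
        print(name, "rejected" if rejects(blob) else "ACCEPTED")
```

The three malformed blobs are the shapes a scanner sees when the image it is inspecting was built to attack it: a header that is well-formed enough to reach the entry loop but lies about where its data lives. Whatever parser reads them, in C inside librpm or otherwise, runs with whatever privileges the scanner has, which is why the message argues for confining it.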