Based on the last [EPEL
meeting](https://meetbot.fedoraproject.org/fedora-meeting/2023-11-01/epel.2023-11-01-20.00.log.html),
where https://pagure.io/releng/issue/11751 was raised, I would like to suggest
disallowing most control characters in at least `%summary`, `%description` and
Is it intended that it's called `/data.mdb` rather than `/Packages.mdb`?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
> Hmmm ... it's not clear what exploit is used (from just reading the file at
> the URL you gave).
I think "DIZZYTACHOMETER" doesn't exploit anything itself, but is just hiding
e.g. a rootkit installation by manipulating the rpmdb based on already existing
write permissions gained before. I
https://github.com/x0rz/EQGRP/blob/33810162273edda807363237ef7e7c5ece3e4100/Linux/doc/old/etc/user.mission.generic.COMMON.old
refers to "DIZZYTACHOMETER", which is a tool to manipulate the rpmdb in order
to avoid `rpm -V` reporting manipulated/changed/replaced binaries/files of
installed RPM
At https://bugzilla.redhat.com/show_bug.cgi?id=1086784, there was also kind of
a discussion about that.