Re: Viruses
- From: James Henstridge <james daa com au>
- To: Alan Shutko <ats acm org>
- cc: gnome-list gnome org
- Subject: Re: Viruses
- Date: Wed, 7 Jul 1999 09:27:34 +0800 (WST)
You can look at the scripts in an rpm with:

  rpm -qp --scripts package.rpm

Of course if the post install script calls some other script that is part
of the package, it is a bit harder to see what will happen.

This can at least save you from installing packages with "rm -rf /" in a
script.

To install an rpm without running any scripts, use the --noscripts option.

For triggers (scripts that get run when the status of another package
changes), use "rpm -qp --triggers ..." and the --notriggers option to rpm.

James.
--
Email: james@daa.com.au
WWW: http://www.daa.com.au/~james/
On 6 Jul 1999, Alan Shutko wrote:
> Bruce Stephens <bruce@cenderis.demon.co.uk> writes:
>
> > (rpm can do other
> > stuff, too, like run ldconfig. I'm not sure how careful it is about
> > what a package can ask it to do, so there's a potential loophole, I
> > suppose.)
>
> There's the rub. RPM pre and post install/uninstall scripts can do
> anything they want. It's not obvious to me how one would look at
> those scripts when getting a package, though I assume you could
> rpm2cpio it and look. But not many people are going to do that, so
> it's a vulnerability. (You can turn off those scripts with
> --notriggers... anyone know how to look at the script while it's in the
> rpm?)
>
>
> --
> Alan Shutko <ats@acm.org> - Looking for a job in Long Island!
> Check http://rescomp.wustl.edu/~ats/ for a resume.
> Break into jail and claim police brutality.
>
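
An added example, not part of the original message: a pre-install review that dumps a package's scriptlets and triggers with the options named above, then lists any packaged files those scriptlets mention, which covers the case where a post-install script calls another script shipped in the package. The function names, the use of `rpm -qpl` for the file list, and the sample data in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review an RPM's scriptlets before installing it.
# Function names and the sample data in demo() are constructed for illustration.

# scriptlet_calls SCRIPTS FILELIST
# Print each packaged path that the scriptlet/trigger text mentions, i.e. the
# payload files a scriptlet may run and that also need reading. Matching is a
# plain substring test, so it over-reports rather than misses.
scriptlet_calls() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if grep -qF -- "$path" "$1"; then
            printf '%s\n' "$path"
        fi
    done < "$2"
}

# audit_rpm PACKAGE.rpm
# Dump scriptlets and triggers without installing, then cross-reference them
# against the package's own file list (rpm -qpl).
audit_rpm() {
    tmp=$(mktemp -d) || return 1
    rpm -qp --scripts  "$1" >  "$tmp/scripts" &&
    rpm -qp --triggers "$1" >> "$tmp/scripts" &&
    rpm -qpl "$1" > "$tmp/files" &&
    cat "$tmp/scripts" &&
    echo "== packaged files referenced by scriptlets ==" &&
    scriptlet_calls "$tmp/scripts" "$tmp/files"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# demo: the same cross-reference on constructed rpm output, no rpm needed.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/scripts" <<'EOF'
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
sh /usr/share/demo-pkg/setup.sh
EOF
    cat > "$d/files" <<'EOF'
/usr/bin/demo
/usr/share/demo-pkg/setup.sh
EOF
    scriptlet_calls "$d/scripts" "$d/files"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then audit_rpm "$1"; else demo; fi
```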