Re: Some ostree observations
- From: Florian Weimer <fweimer redhat com>
- To: Colin Walters <walters verbum org>
- Cc: ostree-list <ostree-list gnome org>
- Subject: Re: Some ostree observations
- Date: Fri, 07 Mar 2014 18:31:37 +0100
On 02/26/2014 06:36 PM, Florian Weimer wrote:
On 02/25/2014 08:08 PM, Florian Weimer wrote:
Hmm, interesting. Yes, a reproducer would be good. Can you also
elaborate on "hostile network"? Did you write custom scripts to target
OSTree content or are you using something generic which just corrupts
generic HTTP requests?
It was a misbehaving custom script. I'll try to recreate the situation.
Here it is. You need to forward network traffic to it as a transparent
proxy and run "ostree admin upgrade", e.g.:
# iptables -t nat -I PREROUTING -s 192.168.122.0/24 -p tcp --dport 80 -j
REDIRECT --to-ports 3128
# iptables -I INPUT -i virbr0 -p tcp --dport 3128 -j ACCEPT
Do we already have a Bugzilla for this?
One more thing: I noticed that "rpm -Va" reports many files as changed
because the time stamps are off. This might be confusing.
--
Florian Weimer / Red Hat Product Security Team
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]