[pacman-dev] [PATCH 0/5][RFC] Die delta, die!
allan at archlinux.org
Mon Mar 4 01:23:47 UTC 2019

On 2/3/19 8:19 pm, Allan McRae wrote:
> Deltas are broken. So much so that I would strongly recommend never
> using a delta from a repo that you did not generate yourself. In short,
> we call "system(command)", with a command that includes the name of
> a delta file, and the name of the package file before and after applying
> the delta. The name of the delta and the package files is controlled by
> the information in the repo, and could contain a malicious command to be
> run as root.
>
> We could possibly work around this, but it is a very risky piece of code
> and I believe it would be very hard to fully secure. Instead, I propose
> to remove delta support completely.

FYI, I'll retract my statement that it would be hard to fully secure.
It is entirely possible to avoid spiking in shell code into the file
names. But I'd still be happy removing deltas.
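
Added example, not part of the original message and not pacman's code: one way to run an external patch tool without a shell, so that repository-supplied file names reach the tool as literal arguments instead of being parsed inside a `system()` command string. The helper names, the allow-list policy and the `tool from delta to` argument order are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: a bare file name from a conservative character set. */
int name_is_safe(const char *name)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-";
    if (name[0] == '\0' || name[0] == '-' || name[0] == '.')
        return 0;                    /* empty, option-like or dot name */
    return strspn(name, ok) == strlen(name);  /* no '/', ' ', ';', '$' */
}

/* Run argv[0] with argv as its argument vector; no shell is involved.
 * Returns the child's exit status, or -1 on failure. */
int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical wrapper: check the three repo-supplied names, then run
 * `tool from delta to`. Returns -1 without running anything on a bad name. */
int apply_delta(const char *tool, const char *from, const char *delta, const char *to)
{
    if (!name_is_safe(from) || !name_is_safe(delta) || !name_is_safe(to))
        return -1;
    char *const argv[] = { (char *)tool, (char *)from, (char *)delta, (char *)to, NULL };
    return run_argv(argv);
}

int main(void)
{   /* Constructed names; "true" stands in for the real patch tool. */
    printf("clean: %d\n", apply_delta("true", "old.pkg", "x.delta", "new.pkg"));
    printf("rejected: %d\n", apply_delta("true", "old.pkg", "x;y.delta", "new.pkg"));
    return 0;
}
```

The allow-list is a second layer: even without it, `execvp` passes each name as a single argument, so shell metacharacters in a name are never interpreted.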