[pacman-dev] [PATCH 0/5][RFC] Die delta, die!
Andrew Gregory
andrew.gregory.8 at gmail.com
Mon Mar 4 06:07:18 UTC 2019
On 03/04/19 at 11:23am, Allan McRae wrote:
> On 2/3/19 8:19 pm, Allan McRae wrote:
> > Deltas are broken. So much so that I would strongly recommend never
> > using a delta from a repo that you did not generate yourself. In short,
> > we call "system(command)", with a command that includes the name of
> > a delta file, and the name of the package file before and after applying
> > the delta. The name of the delta and the package files is controlled by
> > the information in the repo, and could contain a malicious command to be
> > run as root.
> >
> > We could possibly work around this, but it is a very risky piece of code
> > and I believe it would be very hard to fully secure. Instead, I propose
> > to remove delta support completely.
>
> FYI, I'll retract my statement that it would be hard to fully secure.
> It is entirely possible to avoid spiking in shell code into the file
> names. But I'd still be happy removing deltas.
I've wanted to remove deltas for some time just due to how poorly
tested and maintained they are, so this still gets a +1 from me. You
missed references to deltaratio in etc/pacman.conf and README.
More information about the pacman-dev
mailing list