bug #1104474
Jan Rękorajski
baggins at pld-linux.org
Tue Mar 12 21:34:53 CET 2013
On Tue, 12 Mar 2013, Jeffrey Johnson wrote:
>
> On Mar 12, 2013, at 3:58 PM, Jeffrey Johnson wrote:
>
> >
> > On Mar 12, 2013, at 1:57 PM, Jan Rękorajski wrote:
> >
> >> On Tue, 12 Mar 2013, Michael Shigorin wrote:
> >>
> >>> On Tue, Mar 12, 2013 at 06:22:54PM +0200, Elan Ruusamäe wrote:
> >>>> https://bugs.launchpad.net/pld-linux/+bug/1104474
> >>>> so, altlinux fixed that problem already in 2009?
> >>>
> >>> Erm, let's ask Dmitry Levin.
> >>
> >> That fix was for cpio, rpm has its own cpio writer.
> >> BTW, fix for rpm committed :)
> >>
> >
> > Fix was what: undoing the transaction id suffix'd temp files?
> >
> > Tricky to get right on a segfault because of limitations on signal handlers ...
> >
>
> If you mean that the patch here was applied to @rpm5.org code
> http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=7a9a5505667c681044bacb21c9b84ac66c062fe7
> note that the information leakage was fixed a different way, during rpmbuild, by anonymizing
> all ino_t that end up in a *.rpm metadata as an int32_t.
>
> It's just a hash truncated to 32 bits, all that is needed is that all hardlinks have
> identical ino_t marker, all the fuss about aliasing on a build system ino_t
> accidental collision is just fuss-o-bout.
I applied only the lib/fsm.c part, I saw that inode numbers were already
hashed in rpm5, they just weren't propagated I think.
--
Jan Rękorajski | PLD/Linux
SysAdm | http://www.pld-linux.org/
baggins<at>mimuw.edu.pl
baggins<at>pld-linux.org
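
The inode anonymization described in the quoted message above (a hash truncated to 32 bits, with every hardlink to a file carrying the same marker), as an added example that is not part of this thread or of rpm's code. The FNV-1a hash, the `anon_ino` and `nlink_by_marker` helpers, and the sample paths and device/inode numbers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Fold the 8 bytes of v into a running 64-bit FNV-1a hash.
 * The choice of FNV-1a is an assumption; the thread names no hash. */
static uint64_t fnv1a64(uint64_t h, uint64_t v)
{
    for (int i = 0; i < 8; i++) {
        h ^= (v >> (8 * i)) & 0xff;
        h *= 0x100000001b3ULL;              /* FNV 64-bit prime */
    }
    return h;
}

/* Hypothetical helper: the marker written to package metadata in place of
 * the build host's real st_ino. Same (dev, ino) always gives same marker. */
uint32_t anon_ino(uint64_t dev, uint64_t ino)
{
    uint64_t h = 0xcbf29ce484222325ULL;     /* FNV 64-bit offset basis */
    h = fnv1a64(h, dev);
    h = fnv1a64(h, ino);
    return (uint32_t)h;                     /* truncate to 32 bits */
}

struct entry { const char *path; uint64_t dev, ino; };

/* Size of the hardlink set of entry i, recovered from markers alone,
 * the way an installer would regroup links without the real inode. */
int nlink_by_marker(const struct entry *e, int n, int i)
{
    uint32_t m = anon_ino(e[i].dev, e[i].ino);
    int count = 0;
    for (int j = 0; j < n; j++)
        if (anon_ino(e[j].dev, e[j].ino) == m)
            count++;
    return count;
}

/* Constructed sample: the first two paths are hardlinks to one file. */
static const struct entry sample[] = {
    { "/usr/bin/gzip",   2049, 1000 },
    { "/usr/bin/gunzip", 2049, 1000 },
    { "/usr/bin/zcat",   2049, 1001 },
};

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("%-16s marker=%08x links=%d\n", sample[i].path,
               (unsigned)anon_ino(sample[i].dev, sample[i].ino),
               nlink_by_marker(sample, 3, i));
    return 0;
}
```
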