November 20, 2001

Brief: MS bug of the day warns about RPMs from untrusted sources

Author: JT Smith

- by Tina Gasperson -
MSNBC regularly publishes a "bug of the day" blurb, warning about actions that tend to provoke a BSOD for Windows users. Today, however, the warning is for Linux people.The report says "it is possible to corrupt the data in a Red Hat Package Manager (RPM) file so code is executed on a Linux system," but admits that it would be a difficult thing because "the memory location of the hacker shellcode would need to be known."

RPMs can be dangerous because they have to be run as root, and they have permission to execute all kinds of commands automatically - installing, deleting files, adding users, and other things. The MSNBC report is true: be careful where you get your RPMs from.


  • Linux
Click Here!