The bug isn't that attacker can control apk package contents, but that you can t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Sept 13, 2018 \| parent \| context \| favorite \| on: Remote Code Execution in Alpine Linux The bug isn't that attacker can control apk package contents, but that you can trick apk into running a hook even if a package has a fingerprint mismatch. You want the simplest immediate fix for this vulnerability before you want to kick off the long discussion about moving all package management to TLS.

module0000 on Sept 13, 2018 [flagged] [–]

^^^ THIS

Before launching a campaign to ban guns, focus on triage for the current gaping bullet wound.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact