diff options
| author | nl6720 <nl6720@gmail.com> | 2022-11-26 20:00:40 +0200 |
|---|---|---|
| committer | nl6720 <nl6720@gmail.com> | 2022-12-06 13:12:53 +0200 |
| commit | 2c3420204e25c31b6768f8e30ade348db757b722 (patch) | |
| tree | 8b53a974d6904f312fa3701610672aaaa9fb7000 /CHANGELOG.rst | |
| parent | d31f38843ac0cb803561b0dbe976a3189ac0191c (diff) | |
| download | archiso-2c3420204e25c31b6768f8e30ade348db757b722.tar.gz archiso-2c3420204e25c31b6768f8e30ade348db757b722.tar.bz2 | |
mkarchiso: open the ARCHISO_GNUPG_FD, ARCHISO_TLS_FD and ARCHISO_TLSCA_FD file descriptors only for reading
Nothing should ever be written to these files, so let's make sure it cannot happen.
Diffstat (limited to 'CHANGELOG.rst')
| -rw-r--r-- | CHANGELOG.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 982c722..4fa88db 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -13,6 +13,8 @@ Changed ------- - Check if the GPG public key file was successfully placed in the work directory before trying to use it. +- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the + ``pacstrap`` invoked chroot should ever be allowed to write outside of it. Removed ------- |