Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca
Michael Schwendt
bugs.michael at gmx.net
Wed Mar 30 17:20:39 UTC 2005
On Wed, 30 Mar 2005 18:45:37 +0200, Enrico Scholz wrote:
> >> > BuildRoot: %_tmppath/%name-%version-%release-buildroot
> >> > The prevered value is
> >> > "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)"
> >>
> >> There is no big difference except the '%(%{__id_u} -n)' which does not
> >> make much sense but adds complexity and gives a false feeling about
> >> security. You have always a race between
> >
> > If memory serves correctly, the %__id_u thing was not for added
> > security, but a somewhat sane default for multi-user environments
>
> "multi-user environments" implicates security measures.
The obvious thing it does is to choose a different built root for every
user. You don't even know whether the users are trusted or not. If it's a
multi-user environment with untrusted users, overriding build root in
~/.rpmmacros would add security on a per-user basis.
More information about the fedora-extras-list
mailing list