Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Wed Mar 30 18:17:42 UTC 2005
bugs.michael at gmx.net (Michael Schwendt) writes:
>> >> > BuildRoot: %_tmppath/%name-%version-%release-buildroot
>> >> > The prevered value is
>> >> > "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)"
>> > ...
>> > If memory serves correctly, the %__id_u thing was not for added
>> > security, but a somewhat sane default for multi-user environments
>>
>> "multi-user environments" implicates security measures.
>
> The obvious thing it does is to choose a different built root for every
> user.
The buildroot mentioned above (this with '%__id_u') is unique per user,
but not secure. You need a %_tmppath which is only writable by the the
actual user.
Enrico
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 480 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050330/05a1069e/attachment.sig>
More information about the fedora-extras-list
mailing list