[Bug 193957] Review Request: nant
bugzilla at redhat.com
Wed Jul 19 15:50:35 UTC 2006
Summary: Review Request: nant
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193957
ville.skytta at iki.fi changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|NOTABUG |NEXTRELEASE
------- Additional Comments From ville.skytta at iki.fi 2006-07-19 11:41 EST -------
(In reply to comment #16)
> A small problem with nant-0.85-5.src.rpm rebuilt on fc5: /usr/bin/nant tries
> to call /var/tmp/nant-0.85-5fc5-root-user/usr/lib/NAnt/bin/NAnt.exe.
That's not a small problem, it's an arbitrary command execution vulnerability.
Please install fedora-rpmdevtools and add check-buildroot and friends to your
~/.rpmmacros (e.g. using fedora-buildrpmtree), it catches errors like this:
[...]
+ /usr/lib/rpm/check-buildroot
/var/tmp/nant-0.85-5-buildroot-scop/usr/bin/nant:exec /usr/lib64/pkgconfig/../../bin/mono /var/tmp/nant-0.85-5-buildroot-scop/usr/lib64/NAnt/bin/NAnt.exe "$@"
Found '/var/tmp/nant-0.85-5-buildroot-scop' in installed files; aborting
error: Bad exit status from /var/tmp/rpm-tmp.42428 (%install)
The same problem is in the package released in devel. Filed as bug 199432.
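
The kind of check described in the comment above, as an added example that is not part of the original message and not the fedora-rpmdevtools code: it scans a build root for files that embed the build root's own path, which is how a wrapper ends up executing a binary under a world-writable /var/tmp location. The function names scan_buildroot and make_demo_tree and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Illustrative stand-in for a buildroot-leak check (not the real check-buildroot).

# scan_buildroot BUILDROOT
#   Prints every file under BUILDROOT whose contents contain the literal
#   BUILDROOT path. Returns 1 if any such file exists, 0 if none, 2 on misuse.
scan_buildroot() {
    root=${1%/}
    [ -d "$root" ] || { echo "scan_buildroot: not a directory: $root" >&2; return 2; }
    # -r recurse, -l file names only, -F literal match (a path is not a regex).
    # grep exits 1 on "no match"; "|| true" keeps that from aborting under set -e.
    hits=$(grep -rlF -- "$root" "$root" 2>/dev/null) || true
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        echo "Found '$root' in installed files; aborting" >&2
        return 1
    fi
    return 0
}

# make_demo_tree leaky|clean
#   Builds a constructed build root containing a wrapper script and prints its path.
#   leaky: the wrapper embeds the build root path (the defect in this report).
#   clean: the wrapper points at the final install path.
make_demo_tree() {
    br=$(mktemp -d "${TMPDIR:-/tmp}/demo-buildroot.XXXXXX") || return 2
    mkdir -p "$br/usr/bin" "$br/usr/lib/NAnt/bin"
    : > "$br/usr/lib/NAnt/bin/NAnt.exe"
    case $1 in
        leaky) prefix=$br ;;
        clean) prefix= ;;
        *) return 2 ;;
    esac
    printf '#!/bin/sh\nexec mono %s/usr/lib/NAnt/bin/NAnt.exe "$@"\n' "$prefix" \
        > "$br/usr/bin/nant"
    chmod 755 "$br/usr/bin/nant"
    echo "$br"
}
```

A non-zero return from scan_buildroot on a real build root means some installed file still names the temporary build location and the package should not ship.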