[Bug 469585] Review Request: moon-buggy - Drive and jump with some kind of car across the moon
bugzilla at redhat.com
bugzilla at redhat.com
Sun Jan 4 09:15:11 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=469585
--- Comment #18 from Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> 2009-01-04 04:15:08 EDT ---
(In reply to comment #17)
> Spec URL: http://labs.linuxnetz.de/bugzilla/moon-buggy.spec
> SRPM URL: http://labs.linuxnetz.de/bugzilla/moon-buggy-1.0.51-1.src.rpm
Well,
[tasaka1 at localhost moon-buggy]$ LANG=C rpmbuild --rebuild
moon-buggy-1.0.51-1.src.rpm
Installing moon-buggy-1.0.51-1.src.rpm
error: source package expected, binary found
error: moon-buggy-1.0.51-1.src.rpm cannot be installed
[tasaka1 at localhost moon-buggy]$ LANG=C rpm -ivh moon-buggy-1.0.51-1.src.rpm
error: can't create transaction lock on /var/lib/rpm/__db.000 (Permission
denied)
Something seems broken on your srpm...
For now I unpacked your srpm by rpmdev-extract and repackaged it.
Then:
- Installing moon-buggy binary rpm rebuilt from your srpm
- as tasaka1 (i.e. non-root) execute moon-buggy
Then this creates the file "mbscore" under /var/games/moon-buggy
with (owner:group) = (tasaka1:games).
Then what happens if "tasaka1" user does some malicious things on mbscore
(as tasaka1 can modify this file) and "root" executes moon-buggy?
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Fedora-package-review
mailing list