[Fedora-packaging] Re: Request to drop %(%{__id_u} -n) in preferred buildroot
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Wed Jul 19 20:32:08 UTC 2006
Axel.Thimm at ATrpms.net (Axel Thimm) writes:
>> This directory is NOT unique and will break if 2 or more users are
>> running an rpmbuild in parallel on the same /var/tmp filesystem.
>
> And everything will break if someone builds for i686 and i586 (e.g. a
> kernel or glibc) simultaneously on the same filesystem (as the same
> user), which is even worse and probably more common than two non-root
> users sharing the same build server and building *exactly* the same
> package EVR-wise.
ACK; when you build on multi-user systems, you should use a secure
%_tmppath instead of trusting into %(id -u). Else, attacker could create
between
| rm -rf $RPM_BUILD_ROOT
| ...
| make install --> mkinstalldir $RPM_BUILD_ROOT
an $RPM_BUILD_ROOT with e.g. files for symlink attacks (it should be
trivial to find the window above with inotify(2)).
Therefore, multi-user environments are not an argument pro %(id -u).
Enrico
More information about the Fedora-packaging
mailing list