
Re: [Fedora-packaging] Re: Request to drop %(%{__id_u} -n) in preferred buildroot



Axel Thimm ATrpms net (Axel Thimm) writes:

>> This directory is NOT unique and will break if 2 or more users are
>> running an rpmbuild in parallel on the same /var/tmp filesystem.
>
> And everything will break if someone builds for i686 and i586 (e.g. a
> kernel or glibc) simultaneously on the same filesystem (as the same
> user), which is even worse and probably more common than two non-root
> users sharing the same build server and building *exactly* the same
> package EVR-wise.

ACK; when you build on multi-user systems, you should use a secure
%_tmppath instead of trusting %(id -u). Else, an attacker could create
between

| rm -rf $RPM_BUILD_ROOT
| ...
| make install --> mkinstalldir $RPM_BUILD_ROOT

an $RPM_BUILD_ROOT with e.g. files for symlink attacks (it should be
trivial to find the window above with inotify(2)).

Therefore, multi-user environments are not an argument pro %(id -u).


Enrico
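
A defensive check for the point made in this message, added here as an example and not part of the original post: before building, confirm that the directory used as %_tmppath cannot be written by other local users, so nobody else can create $RPM_BUILD_ROOT after the `rm -rf`. The function names, `$HOME/rpmtmp` and `package.spec` are assumptions, and parent directories are assumed not to be attacker-controlled.

```shell
#!/bin/sh
# Added example: refuse a %_tmppath that other local users could write into.

# tmppath_is_private DIR
# Returns 0 only if DIR is a real directory (not a symlink), owned by the
# invoking user, with the group and other write bits cleared.
tmppath_is_private() {
    dir=$1
    [ -n "$dir" ] || return 1
    [ -L "$dir" ] && return 1      # a symlink could point into a shared dir
    [ -d "$dir" ] || return 1
    # "ls -ldn" prints e.g. "drwx------ 2 1000 1000 ..."; take mode and uid.
    read -r mode _links owner _rest <<EOF
$(ls -ldn -- "$dir")
EOF
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        d????-??-?*) return 0 ;;   # positions 6 and 9: group/other write off
        *)           return 1 ;;   # includes sticky world-writable (rwxrwxrwt)
    esac
}

# private_tmppath DIR
# Creates DIR with mode 0700 if it does not exist, verifies it either way,
# and prints DIR on success so the result can be handed to rpmbuild.
private_tmppath() {
    dir=$1
    [ -e "$dir" ] || [ -L "$dir" ] || mkdir -m 700 -- "$dir" || return 1
    tmppath_is_private "$dir" || return 1
    printf '%s\n' "$dir"
}

# Usage (path and spec file name are placeholders):
#   d=$(private_tmppath "$HOME/rpmtmp") &&
#       rpmbuild --define "_tmppath $d" -ba package.spec
```

A sticky, world-writable directory such as /var/tmp fails the check on purpose: the sticky bit stops others from deleting your files, but not from creating a directory under a name you have just removed.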

