[Fedora-packaging] buildroot race condition

Tom 'spot' Callaway tcallawa at redhat.com
Mon Mar 12 21:05:58 UTC 2007


On Mon, 2007-03-12 at 16:30 -0400, Bill Nottingham wrote:
> Rex Dieter (rdieter at math.unl.edu) said: 
> > How is that a race exactly?  rm doesn't exit/return until it is done, afaik.
> 
> Someone could pre-make the build root in between the rm and mkdir calls.

Erm, ok. In the buildsystem, this should never happen (hooray mock), but
when building on a multi-user system, I can see the remote possibility.
However, we're talking about someone performing an operation in a very
tiny gap. It's just as likely that they would manually replace files at
any point in the process, or to argue that someone might rm -rf
$RPM_BUILD_ROOT behind my back.

Basically, what I'm saying is that this "race" is so unlikely, I don't
think we need to bother to go out of our way to prevent it.

It would be far easier for an attacker to leverage wildcarding in %files
while a package is building, wait for it to perform make install, then
slide in their malicious bits.

~spot
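The gap between the rm and mkdir calls described in the quoted reply, as an added example that is not part of the original message or of any Fedora spec file. It assumes the build root is recreated with `mkdir -p`; the function names and the `in_gap` stand-in are hypothetical, and all paths are constructed under a private `mktemp` directory.

```shell
#!/bin/sh
# Added example; all paths are constructed under a private mktemp directory.

# Stand-in for whatever another local user might do between the two calls.
# No-op by default; demo() overrides it to pre-make the build root.
in_gap() { :; }

# Assumed pattern (mkdir -p): -p returns success when the directory already
# exists, so a pre-made build root is accepted silently.
prepare_unchecked() {
    rm -rf -- "$1" || return 1
    in_gap "$1"
    mkdir -p -- "$1"
}

# Checked form: plain mkdir is atomic and fails if the path already exists,
# so success proves this process created the directory (mode 0700 via umask).
prepare_checked() {
    rm -rf -- "$1" || return 1
    in_gap "$1"
    ( umask 077; mkdir -- "$1" ) 2>/dev/null || {
        echo "buildroot $1 appeared between rm and mkdir; aborting" >&2
        return 1
    }
}

# Runs both forms against a simulated pre-made directory and reports the result.
demo() {
    work=$(mktemp -d) || return 1
    in_gap() { mkdir -p -- "$1" && : > "$1/planted"; }
    if prepare_unchecked "$work/root-a" && [ -e "$work/root-a/planted" ]; then
        unchecked=accepted
    else
        unchecked=rejected
    fi
    if prepare_checked "$work/root-b"; then checked=accepted; else checked=rejected; fi
    in_gap() { :; }
    rm -rf -- "$work"
    echo "unchecked=$unchecked checked=$checked"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo`; the checked form turns a pre-made build root into a build failure instead of a silently reused directory.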



