[Fedora-packaging] buildroot race condition
Tom 'spot' Callaway
tcallawa at redhat.com
Mon Mar 12 21:05:58 UTC 2007
On Mon, 2007-03-12 at 16:30 -0400, Bill Nottingham wrote:
> Rex Dieter (rdieter at math.unl.edu) said:
> > How is that a race exactly? rm doesn't exit/return until it is done, afaik.
>
> Someone could pre-make the build root in between the rm and mkdir calls.
Erm, ok. In the buildsystem, this should never happen (hooray mock), but
when building on a multi-user system, I can see the remote possibility.
However, we're talking about someone performing an operation in a very
tiny gap. It's just as likely that they would manually replace files at
any point in the process, or to argue that someone might rm -rf
$RPM_BUILD_ROOT behind my back.
Basically, what I'm saying is that this "race" is so unlikely, I don't
think we need to bother to go out of our way to prevent it.
It would be far easier for an attacker to leverage wildcarding in %files
while a package is building, wait for it to perform make install, then
slide in their malicious bits.
~spot
More information about the Fedora-packaging
mailing list