[Fedora-packaging] Re: buildroot race condition

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Wed Mar 14 00:41:40 UTC 2007


ville.skytta at iki.fi (Ville Skyttä) writes:

>> > %install
>> > rm -rf $RPM_BUILD_ROOT
>> > mkdir $RPM_BUILD_ROOT # this fails when $RPM_BUILD_ROOT already exists
>>
>> Will work;
>
> ...but will break in setups where some subdirs of $RPM_BUILD_ROOT are missing 
> before %install.  This wouldn't suffer from that drawback:
>
> %install
> rm -rf $RPM_BUILD_ROOT
> mkdir -p $(dirname $RPM_BUILD_ROOT) ; mkdir $RPM_BUILD_ROOT

... but opens a new attack vector because an attacker could do

| mkdir -m777 -p $(dirname $RPM_BUILD_ROOT)
| ... wait until victim executes the first 2 %install lines
| mv $RPM_BUILD_ROOT $(dirname $RPM_BUILD_ROOT)/old-buildroot
| mkdir $RPM_BUILD_ROOT

(easy to automate by some inotify in $(dirname $RPM_BUILD_ROOT))




Enrico
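
A defensive check for the scenario described above, as an added example that is not part of the original message: create the buildroot only when its parent directory already exists, is owned by the building user, and is not writable by group or others. The function name `safe_mkbuildroot` is hypothetical, GNU `stat` is assumed, and only the immediate parent is checked (its ancestors are assumed to be trustworthy).

```shell
# Added example; safe_mkbuildroot is a hypothetical helper, not rpm's own code.
# Assumes GNU coreutils (stat -c), as found on Fedora.
safe_mkbuildroot() {
    buildroot=$1
    parent=$(dirname -- "$buildroot")

    # The parent must already exist as a real directory. It is deliberately
    # not created with "mkdir -p": a pre-created parent is the weak point.
    if [ -L "$parent" ] || [ ! -d "$parent" ]; then
        echo "refusing: $parent is missing or not a real directory" >&2
        return 1
    fi

    # Whoever owns the parent can rename entries inside it, so it must be us.
    owner=$(stat -c '%u' -- "$parent")
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing: $parent is owned by uid $owner" >&2
        return 1
    fi

    # No group or other write bits (octal 022) on the parent.
    mode=$(stat -c '%a' -- "$parent")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "refusing: $parent has mode $mode (group/other writable)" >&2
        return 1
    fi

    # Plain mkdir (no -p) fails if the name already exists, so a directory
    # planted under that name is never silently reused.
    mkdir -m 700 -- "$buildroot"
}
```

In a spec file this would replace the `mkdir -p $(dirname $RPM_BUILD_ROOT) ; mkdir $RPM_BUILD_ROOT` pair after the `rm -rf`.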