[Fedora-packaging] Re: buildroot race condition

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Wed Mar 14 00:41:40 UTC 2007

ville.skytta at iki.fi (Ville Skyttä) writes:

>> > %install
>> > rm -rf $RPM_BUILD_ROOT
>> > mkdir $RPM_BUILD_ROOT # this fails when $RPM_BUILD_ROOT already exists
>> Will work;
> ...but will break in setups where some subdirs of $RPM_BUILD_ROOT are missing 
> before %install.  This wouldn't suffer from that drawback:
> %install
> rm -rf $RPM_BUILD_ROOT
> mkdir -p $(dirname $RPM_BUILD_ROOT) ; mkdir $RPM_BUILD_ROOT

... but opens a new attack vector because attacker could do

| mkdir -m777 -p $(dirname $RPM_BUILD_ROOT)
| ... wait until victim executes the first 2 %install lines
| mv $RPM_BUILD_ROOT $(dirname $RPM_BUILD_ROOT)/old-buildroot

(easy to automate by some inotify in $(dirname $RPM_BUILD_ROOT))

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 480 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20070314/36bc80dd/attachment.sig>

More information about the Fedora-packaging mailing list