[Fedora-packaging] Re: buildroot race condition

Axel Thimm Axel.Thimm at ATrpms.net
Wed Mar 14 11:21:45 UTC 2007

On Wed, Mar 14, 2007 at 01:41:40AM +0100, Enrico Scholz wrote:
> ville.skytta at iki.fi (Ville Skyttä) writes:
> >> > %install
> >> > rm -rf $RPM_BUILD_ROOT
> >> > mkdir $RPM_BUILD_ROOT # this fails when $RPM_BUILD_ROOT already exists
> >>
> >> Will work;
> >
> > ...but will break in setups where some subdirs of $RPM_BUILD_ROOT are missing 
> > before %install.  This wouldn't suffer from that drawback:
> >
> > %install
> > rm -rf $RPM_BUILD_ROOT
> > mkdir -p $(dirname $RPM_BUILD_ROOT) ; mkdir $RPM_BUILD_ROOT
> ... but opens a new attack vector because attacker could do
> | mkdir -m777 -p $(dirname $RPM_BUILD_ROOT)
> | ... wait until victim executes the first 2 %install lines
> | mv $RPM_BUILD_ROOT $(dirname $RPM_BUILD_ROOT)/old-buildroot
> | mkdir $RPM_BUILD_ROOT
> (easy to automate by some inotify in $(dirname $RPM_BUILD_ROOT))

Nice catch. I agree with Enrico, if we start trying to fix that, too,
we end up with a loop of mkdir's (w/o -p) from outer to inner with
testing ownerships/permissions and so on. This would then bloat to
take over most of the %install section. We already have resistance to
adding a single mkdir line. :/

Instead the plain mkdir solution *will* fail, making the user rethink
about his setup. If the user wants to build all his stuff under
/var/tmp/<user>/... (which is a legitimate setup, of course), he needs
to first create the basic sceleton with proper permissions, and the
failure will make him do that. Otherwise we create scenarios like
Enrico describes.

E.g. The buildroot setting should assume that the parent folders are
all properly set up beforehand, including existance, ownership and
permissions. Then we only need an rm/mkdir pair.
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20070314/1e905dcb/attachment.sig>

More information about the Fedora-packaging mailing list