[Fedora-packaging] Re: buildroot race condition

Till Maas opensource at till.name
Wed Mar 14 14:07:30 UTC 2007

On Mi März 14 2007, Axel Thimm wrote:

> Yes, once, but in the right time window, which is when between when the
> scriplet is written to disk and being executed. So the attacker has to win
> two races, not only one, and the grep itself and subsequent text parsing
> takes more time than the script's rm/mkdir.

In the rpm-tmp files I have on my system, there is not only the install part 
in the file, but also the build part. So I assume that after the file is 
created and the attackers knows the buildroot, he has all the time 
until %build is finished, to prepare the race betwenn rm/mkdir in %install.


More information about the Fedora-packaging mailing list