[Fedora-packaging] Re: buildroot race condition
opensource at till.name
Wed Mar 14 14:07:30 UTC 2007
On Wed Mar 14 2007, Axel Thimm wrote:
> Yes, once, but in the right time window, which is between when the
> scriptlet is written to disk and being executed. So the attacker has to win
> two races, not only one, and the grep itself and subsequent text parsing
> takes more time than the script's rm/mkdir.
In the rpm-tmp files I have on my system, there is not only the install part
in the file, but also the build part. So I assume that after the file is
created and the attacker knows the buildroot, he has all the time
until %build is finished to prepare the race between rm/mkdir in %install.
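
The rm/mkdir step discussed above, as an added example that is not part of the original message or of rpm itself: it contrasts `mkdir -p`, which accepts a path re-created after the `rm`, with a plain `mkdir` that fails in that case. The function names, `WINDOW_HOOK` and the temporary paths are hypothetical, and it assumes the buildroot sits in a directory other local users can write to.

```shell
#!/bin/sh
# Added example: all names and paths here are constructed for the demo.

# WINDOW_HOOK, if set, names a function run between rm and mkdir to stand in
# for another local user acting inside the race window.
run_window_hook() {
    if [ -n "${WINDOW_HOOK:-}" ]; then "$WINDOW_HOOK" "$1"; fi
}

# Pattern discussed in the thread: mkdir -p reports success even when the path
# was re-created by someone else (directory or symlink to one) after the rm.
buildroot_racy() {
    rm -rf "$1"
    run_window_hook "$1"
    mkdir -p "$1"
}

# Checked variant: plain mkdir fails with EEXIST if anything, including a
# symlink, already sits at the path, so a lost race aborts the build.
buildroot_checked() {
    rm -rf "$1"
    run_window_hook "$1"
    mkdir -m 0700 "$1" 2>/dev/null
}

# Stand-in for the other user: point the buildroot path at DEMO_TARGET.
plant_symlink() { ln -s "$DEMO_TARGET" "$1"; }

demo() {
    base=$(mktemp -d) || return 2
    DEMO_TARGET="$base/elsewhere"
    mkdir "$DEMO_TARGET"
    WINDOW_HOOK=plant_symlink
    if buildroot_racy "$base/racy"; then echo "racy: accepted planted path"; fi
    if buildroot_checked "$base/checked"; then
        echo "checked: accepted planted path"
    else
        echo "checked: refused, path appeared after rm"
    fi
    WINDOW_HOOK=
    rm -rf "$base"
}
demo
```

A build script using the checked form has to treat the non-zero exit as fatal and stop before writing anything into the buildroot.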