[Fedora-packaging] Re: buildroot race condition

Axel Thimm Axel.Thimm at ATrpms.net
Wed Mar 14 11:14:22 UTC 2007


On Tue, Mar 13, 2007 at 10:48:55PM +0100, Till Maas wrote:
> On Tue, March 13 2007, Axel Thimm wrote:
> 
> > The race between two rm/mkdir are about 50%. If you add a grep into
> > one of them the balance will be strongly shifted in our favour, just
> > try it.
> 
> The grep needs only to be performed once before the race to "guess" the 
> buildroot.

Yes, once, but in the right time window, which is between when the scriptlet is
written to disk and when it is executed. So the attacker has to win two
races, not only one, and the grep itself and subsequent text parsing
take more time than the script's rm/mkdir.

But this is all academic, try an attack and check the success rates,
I'm sure they will be very low in the mktemp BuildRoot, even if you
write the grep/sed stuff in C.

But they will be zero if we handle the race in the specfile; I'm not
trying to play the true issue down.
-- 
Axel.Thimm at ATrpms.net
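
Added example, not part of the original message or of rpm: one way a build scriptlet could close the rm/mkdir window discussed in this thread, assuming that "handling the race" means refusing any path that reappears between the two steps. The function names `claim_buildroot` and `safe_buildroot` are hypothetical.

```shell
#!/bin/sh
# Hypothetical helpers (assumption: not taken from rpm or any spec file).

# Claim the build root atomically. mkdir without -p fails with EEXIST if
# anything already sits at the path, including a dangling symlink, so a
# directory or link planted by another local user is detected, not reused.
claim_buildroot() {
    ( umask 077 && mkdir -- "$1" ) 2>/dev/null || {
        echo "buildroot $1 already exists, refusing to use it" >&2
        return 1
    }
    # Sanity check: the result must be a real directory, not a link.
    [ -d "$1" ] && [ ! -L "$1" ]
}

# Full sequence: clear leftovers from our own earlier build, then claim.
# If someone recreates the path between the two steps, claim_buildroot
# fails and the build stops instead of writing into foreign territory.
safe_buildroot() {
    rm -rf -- "$1" || return 1
    claim_buildroot "$1"
}
```

A scriptlet would call `safe_buildroot "$RPM_BUILD_ROOT" || exit 1` in place of a bare `rm -rf` followed by `mkdir -p`.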