[Bug 803642] New: security issue / scariness: init_buildsystem touches files on *host* /var/lib/rpm
https://bugzilla.novell.com/show_bug.cgi?id=803642
https://bugzilla.novell.com/show_bug.cgi?id=803642#c0

Summary: security issue / scariness: init_buildsystem touches files on *host* /var/lib/rpm
Classification: Internal Novell Products
Product: openSUSE Build Service
Version: 2.3
Platform: Other
OS/Version: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: build process
AssignedTo: mls@suse.com
ReportedBy: jnelson-suse@jamponi.net
QAContact: adrian@suse.com
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

When preparing a build, init_buildsystem touches files on the *host's* /var/lib/rpm. All invocations of rpm that do not use chroot should use the rpm flag --root. This appears to cause occasional rpm data corruption issues (for both the build and - potentially - the host).

Reproducible: Sometimes

Steps to Reproduce: 1. 2. 3.
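The rule stated in the report above (rpm either runs under chroot or carries --root) can be checked mechanically. The following is an added example, not code from the bug report or from the build scripts; the function names and the sample lines are constructed for illustration, and the check is a line-based heuristic.

```shell
#!/bin/sh
# Added example: flag rpm invocations in a shell script that would open the
# host's /var/lib/rpm, i.e. rpm called without --root and not under chroot.

# Constructed sample input, not taken from init_buildsystem.
SAMPLE='# constructed sample lines
rpm -q --qf "%{NAME}\n" bash
rpm --root "$BUILD_ROOT" -q bash
chroot "$BUILD_ROOT" rpm -e --nodeps foo
/bin/rpm --initdb
rm -f "$BUILD_ROOT/var/lib/rpm/__db.001"'

# audit_rpm_calls FILE: print "LINE: text" for every suspect rpm call.
# Returns 1 if at least one was found, 0 otherwise.
# Heuristic: works per line, so a pipeline mixing a bare rpm with a
# chrooted command on the same line is not detected.
audit_rpm_calls() {
    awk '
    /^[ \t]*#/ { next }    # ignore comment lines
    {
        n = split($0, tok, /[ \t;|&()]+/)
        has_rpm = 0; has_root = 0; has_chroot = 0
        for (i = 1; i <= n; i++) {
            # match the rpm command itself, not paths such as /var/lib/rpm
            if (tok[i] == "rpm" || tok[i] ~ /^(\/usr)?\/bin\/rpm$/) has_rpm = 1
            if (tok[i] == "--root" || tok[i] ~ /^--root=/) has_root = 1
            if (tok[i] == "chroot" || tok[i] ~ /\/chroot$/) has_chroot = 1
        }
        if (has_rpm && !has_root && !has_chroot) {
            printf "%d: %s\n", NR, $0
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# audit_sample: run the audit over the constructed sample above.
audit_sample() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$SAMPLE" > "$tmp"
    rc=0
    audit_rpm_calls "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

audit_sample || echo "rpm calls without --root or chroot found"
```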
https://bugzilla.novell.com/show_bug.cgi?id=803642#c1
Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c2
Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c3
--- Comment #3 from Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c4
--- Comment #4 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c5
--- Comment #5 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c6
--- Comment #6 from Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c7
--- Comment #7 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c8
--- Comment #8 from Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c9
--- Comment #9 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c10
--- Comment #10 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c11
--- Comment #11 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c12
--- Comment #12 from Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c13
--- Comment #13 from Jon Nelson
From a certain perspective, it doesn't really matter what the exact mechanism is: it's not working properly (corruption reported during build).
Looking at rpm2cpio.sh (available on RedHat-derived machines) it looks fairly trivial.
https://bugzilla.novell.com/show_bug.cgi?id=803642#c14
--- Comment #14 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c15
Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c16
Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=803642#c17
Michael Schröder
https://bugzilla.novell.com/show_bug.cgi?id=803642#c18
--- Comment #18 from Michael Schröder