Mailinglist Archive: opensuse-packaging (68 mails)
| < Previous | Next > |
[opensuse-packaging] cleaning the buildroot correctly
- From: Marcus Meissner <meissner@xxxxxxx>
- Date: Wed, 14 Feb 2007 18:02:22 +0100
- Message-id: <20070214170222.GA14422@xxxxxxx>
Hi,
darix asked me to post this ;)
Quite some time ago we had the discussion how the
buildroot should be created in a secure way in %install.
BAD:
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/... or make install
Why?
RPM_BUILD_ROOT is within /var/tmp and you just opened a trivial
race condition to a local attacker on your machine to take over
your account (or event root if you build as root).
It is better not to "rm -rf $RPM_BUILD_ROOT" in %install at all
(and rely on %clean to do it).
If you want to clean it, better do:
%install
rm -rf $RPM_BUILD_ROOT
mkdir $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr ... or make install
In this case the "mkdir $RPM_BUILD_ROOT" would fail and the build would
abort if an attacker tries to replace the buildroot by his own symlink.
(or similar ;)
Ciao, Marcus
--
Working, but not speaking for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
darix asked me to post this ;)
Quite some time ago we had the discussion how the
buildroot should be created in a secure way in %install.
BAD:
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/... or make install
Why?
RPM_BUILD_ROOT is within /var/tmp and you just opened a trivial
race condition to a local attacker on your machine to take over
your account (or event root if you build as root).
It is better not to "rm -rf $RPM_BUILD_ROOT" in %install at all
(and rely on %clean to do it).
If you want to clean it, better do:
%install
rm -rf $RPM_BUILD_ROOT
mkdir $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr ... or make install
In this case the "mkdir $RPM_BUILD_ROOT" would fail and the build would
abort if an attacker tries to replace the buildroot by his own symlink.
(or similar ;)
Ciao, Marcus
--
Working, but not speaking for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
| < Previous | Next > |