Hi, darix asked me to post this ;) Quite some time ago we had the discussion how the buildroot should be created in a secure way in %install. BAD: %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/usr/... or make install Why? RPM_BUILD_ROOT is within /var/tmp and you just opened a trivial race condition to a local attacker on your machine to take over your account (or event root if you build as root). It is better not to "rm -rf $RPM_BUILD_ROOT" in %install at all (and rely on %clean to do it). If you want to clean it, better do: %install rm -rf $RPM_BUILD_ROOT mkdir $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/usr ... or make install In this case the "mkdir $RPM_BUILD_ROOT" would fail and the build would abort if an attacker tries to replace the buildroot by his own symlink. (or similar ;) Ciao, Marcus -- Working, but not speaking for the following german company: SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org