Mailinglist Archive: opensuse-packaging (68 mails)
| < Previous | Next > |
Re: [opensuse-packaging] cleaning the buildroot correctly
- From: Reinhard Max <max@xxxxxxx>
- Date: Thu, 15 Feb 2007 14:01:20 +0100 (CET)
- Message-id: <Pine.LNX.4.64.0702151355030.4857@xxxxxxxxxxxxxx>
Hi,
On Wed, 14 Feb 2007 at 22:46, andreas.hanke@xxxxxxxxxxxxxx wrote:
> rm -rf $RPM_BUILD_ROOT/*
I think this is vulnreable to a symlink attack.
If somebody has created $RPM_BUILD_ROOT as a symlink that points to
your home dir, then
rm -rf $RPM_BUILD_ROOT
will be save, as it either removes the symlink or fails if you don't
have permission to remove it, but
rm -rf $RPM_BUILD_ROOT/*
will "clean up" your home dir.
cu
Reinhard
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
On Wed, 14 Feb 2007 at 22:46, andreas.hanke@xxxxxxxxxxxxxx wrote:
> rm -rf $RPM_BUILD_ROOT/*
I think this is vulnreable to a symlink attack.
If somebody has created $RPM_BUILD_ROOT as a symlink that points to
your home dir, then
rm -rf $RPM_BUILD_ROOT
will be save, as it either removes the symlink or fails if you don't
have permission to remove it, but
rm -rf $RPM_BUILD_ROOT/*
will "clean up" your home dir.
cu
Reinhard
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
| < Previous | Next > |