On 2007-02-14 18:02:22 +0100, Marcus Meissner wrote:
darix asked me to post this ;)
thanks!:)
Quite some time ago we had the discussion how the buildroot should be created in a secure way in %install.
BAD:

  %install
  rm -rf $RPM_BUILD_ROOT
  mkdir -p $RPM_BUILD_ROOT/usr/...
  or make install
Why?
RPM_BUILD_ROOT is within /var/tmp and you just opened a trivial race condition to a local attacker on your machine to take over your account (or even root if you build as root).
It is better not to "rm -rf $RPM_BUILD_ROOT" in %install at all (and rely on %clean to do it).
If you want to clean it, better do:

  %install
  rm -rf $RPM_BUILD_ROOT
  mkdir $RPM_BUILD_ROOT
  mkdir -p $RPM_BUILD_ROOT/usr ...
  or make install
In this case the "mkdir $RPM_BUILD_ROOT" would fail and the build would abort if an attacker tries to replace the buildroot by his own symlink.
(or similar ;)
For suse based distributions there is no need for rm -rf $BUILD_ROOT as our rpm is taking care of this for you. So if you just care about packaging for suse leave the rm line out.

darix
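The difference between the two %install variants discussed in this thread can be reproduced safely. This is an added example, not part of the original mails or of rpm itself. The function name try_create and all paths are assumptions, built inside a private mktemp directory, with a symlink standing in for the one a local user could plant in /var/tmp between "rm -rf" and "mkdir".

```shell
#!/bin/sh
# Added example: how "mkdir -p" and plain "mkdir" react when the buildroot
# path turns into a symlink between "rm -rf" and "mkdir".
# All paths are constructed in a private temp directory.

# try_create MODE RACE -> prints "created", "followed-symlink" or "aborted"
#   MODE: mkdir-p (the BAD variant) or mkdir (the suggested variant)
#   RACE: raced (a symlink appears in the window) or clean
try_create() {
    mode=$1
    race=$2
    work=$(mktemp -d) || return 1
    buildroot="$work/pkg-buildroot"   # stands in for $RPM_BUILD_ROOT
    planted="$work/other-user-dir"    # directory controlled by another local user
    mkdir "$planted"

    rm -rf "$buildroot"               # first step of %install
    # Race window: the path is free, so another user can claim it.
    if [ "$race" = raced ]; then ln -s "$planted" "$buildroot"; fi

    ok=no
    case $mode in
        mkdir-p)
            # -p accepts an existing path, including a symlink to a directory
            if mkdir -p "$buildroot/usr/bin" 2>/dev/null; then ok=yes; fi ;;
        mkdir)
            # plain mkdir fails with EEXIST if anything already occupies the path
            if mkdir "$buildroot" 2>/dev/null &&
               mkdir -p "$buildroot/usr/bin"; then ok=yes; fi ;;
    esac

    if [ "$ok" = no ]; then result=aborted
    elif [ -d "$planted/usr/bin" ]; then result=followed-symlink
    else result=created
    fi
    rm -rf "$work"
    echo "$result"
}

# Print the four combinations when run directly.
for mode in mkdir-p mkdir; do
    for race in clean raced; do
        printf '%-8s %-6s -> %s\n' "$mode" "$race" "$(try_create "$mode" "$race")"
    done
done
```

With "mkdir -p" the build continues and its files land in the other user's directory. With plain "mkdir" the step fails and the build aborts, as described above.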