[opensuse-packaging] cleaning the buildroot correctly

14 Feb 2007


      Hi,
darix asked me to post this ;)
Quite some time ago we had the discussion how the
buildroot should be created in a secure way in %install.
BAD:
    %install
    rm -rf $RPM_BUILD_ROOT
    mkdir -p $RPM_BUILD_ROOT/usr/...  or make install
Why?
RPM_BUILD_ROOT is within /var/tmp and you just opened a trivial
race condition to a local attacker on your machine to take over
your account (or event root if you build as root).
It is better not to "rm -rf $RPM_BUILD_ROOT" in %install at all
(and rely on %clean to do it).
If you want to clean it, better do:
    %install
        rm -rf $RPM_BUILD_ROOT
        mkdir $RPM_BUILD_ROOT
    mkdir -p $RPM_BUILD_ROOT/usr ... or make install
In this case the "mkdir $RPM_BUILD_ROOT" would fail and the build would
abort if an attacker tries to replace the buildroot by his own symlink.
(or similar ;)
Ciao, Marcus
-- 
Working, but not speaking for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-packaging+help@opensuse.org

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[opensuse-packaging] cleaning the buildroot correctly