Mailinglist Archive: opensuse-buildservice (166 mails)

< Previous Next >
Re: [opensuse-buildservice] run commands from spec file as root
On Wed, May 14, 2014 at 6:56 PM, Bernhard Voelker
<mail@xxxxxxxxxxxxxxxxxxx> wrote:
On 05/14/2014 11:18 PM, Roman Neuhauser wrote:

limiting the privileged commandline to an invocation of a third-party
program does little to improve security.

And of course, such a whitelist must include the package name,
i.e., another package could not use the same string to circumvent
the restriction (unless it has registered the same string for
%sudo, too).

And I'd include sha-something of the source tarball. Just an idea.
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups