Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] SuSE Security Announcement: openssh (SuSE-SA:2001:045) (re-released SuSE-SA:2001:044)
  • From: Gerhard Sittig <Gerhard.Sittig@xxxxxxx>
  • Date: Mon, 10 Dec 2001 19:08:13 +0100
  • Message-id: <20011210190813.A1490@xxxxxxxxxxxxxxxxxxxxxxx>
On Mon, Dec 10, 2001 at 11:26 +1300, v.kuhlmann@xxxxxxxxxxxxxxxxxxxxx wrote:
> > > DANGER:
> > > as far as i can remeber rpm -ba (build all) might also do an install
> > > on newer rpms the installation might be not in root but if it is
> > > the old ssh is overwritten.
> >
> > Wow, and they say most drugs don't affect the memory. Unless you have an
> > extremely non standard version of RPM (hint: you do not) rpm -ba builds
> > source and nbinary rpm's, which are simply dropped into /usr/src/suse/RPMS/
> > whatever. You have to install them yourself.
>
> Careful Kurt, that's not correct. Depending on how the spec file is
> written, a full install is executed. Not doing this full install can
> make building the binary rpm rather difficult at times. Of course, not
> running rpm -ba as root is always a very good idea.

I always was under the impression that the build and installation
was done in a *different* location than the place the binary rpm
installs to (read: the build is done in a temporary scrap space).
Only _installing_ the _binary_ rpm -- no matter if it's the
vendor's or your roll-your-own one -- will make the stuff appear
in your system (show up in the expected location) and maybe
clobber existing stuff which is in the way. As long as you only
build sources nothing but a little bit of temp space should be
involved. Yes, the system might get examined for dependencies
while configuring things before the build. I'm not positive if
it takes priviledges to do this and I doubt that it should. But
the system should definitely *not* be modified at compilation
time! Should this have changed, you might want to contact the
rpm's author and ask him to unbreak his software. Think of a
build cluster which gets "updated" on the fly while it's just
supposed to compile things. And think of installs which fail
since the missing step is done at compile time. This looks wrong
to me ... And why do we discuss build "problems" on -security?


virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

< Previous Next >
References