Hi,
darix asked me to post this ;)
Quite some time ago we had the discussion how the
buildroot should be created in a secure way in %install.
BAD:
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/... or make install
Why?
RPM_BUILD_ROOT is within /var/tmp and you just opened a trivial
race condition to a local attacker on your machine to take over
your account (or event root if you build as root).
It is better not to "rm -rf $RPM_BUILD_ROOT" in %install at all
(and rely on %clean to do it).
If you want to clean it, better do:
%install
rm -rf $RPM_BUILD_ROOT
mkdir $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr ... or make install
In this case the "mkdir $RPM_BUILD_ROOT" would fail and the build would
abort if an attacker tries to replace the buildroot by his own symlink.
(or similar ;)
Ciao, Marcus
--
Working, but not speaking for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
