Hi,
On Wed, 14 Feb 2007 at 22:46, [EMAIL PROTECTED] wrote:
> rm -rf $RPM_BUILD_ROOT/*
I think this is vulnreable to a symlink attack.
If somebody has created $RPM_BUILD_ROOT as a symlink that points to
your home dir, then
rm -rf $RPM_BUILD_ROOT
will be save, as it either removes the symlink or fails if you don't
have permission to remove it, but
rm -rf $RPM_BUILD_ROOT/*
will "clean up" your home dir.
cu
Reinhard
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
