[Fedora-packaging] Re: buildroot race condition
Axel Thimm
Axel.Thimm at ATrpms.net
Mon Mar 12 22:19:30 UTC 2007
On Mon, Mar 12, 2007 at 04:05:58PM -0500, Tom 'spot' Callaway wrote:
> On Mon, 2007-03-12 at 16:30 -0400, Bill Nottingham wrote:
> > Rex Dieter (rdieter at math.unl.edu) said:
> > > How is that a race exactly? rm doesn't exit/return until it is done, afaik.
> >
> > Someone could pre-make the build root in between the rm and mkdir calls.
>
> Erm, ok. In the buildsystem, this should never happen (hooray mock), but
> when building on a multi-user system, I can see the remote possibility.
Hey, our new preferred buildroot makes it even harder to guess the
Buildroot name, hooray2 ;)
> It would be far easier for an attacker to leverage wildcarding in %files
> while a package is building, wait for it to perform make install, then
> slide in their malicious bits.
How would the attacker do that if the buildroot belongs to another user?
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/packaging/attachments/20070312/c385f1ab/attachment.bin
More information about the packaging
mailing list