Re: Building packages using RPMBUILD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello Mark,

On Thu, 2010-12-16 at 16:21 -0500, m.roth@xxxxxxxxx wrote:
> One possibility: suppose someone cracks in as the user that owns those
> directories. They could then install whatever they want in there... and
> the next time you built and installed something, it could carry their
> payload.

How would that be more of an issue using /usr/src/redhat than any other
directory?

And seeing that most builds start with either installing a srpm or
building directly in which case that srpm is also being freshly
installed how is this enabling an attacker to deliver a payload?

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux