Hello Mark, On Thu, 2010-12-16 at 16:21 -0500, m.roth@xxxxxxxxx wrote: > One possibility: suppose someone cracks in as the user that owns those > directories. They could then install whatever they want in there... and > the next time you built and installed something, it could carry their > payload. How would that be more of an issue using /usr/src/redhat than any other directory? And seeing that most builds start with either installing a srpm or building directly in which case that srpm is also being freshly installed how is this enabling an attacker to deliver a payload? Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Building packages using RPMBUILD
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Building packages using RPMBUILD
- From: Leonard den Ottolander <leonard@xxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Dec 2010 23:03:00 +0100
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <3b66cf075e530771a70bce503b7a1e1e.squirrel@xxxxxxxxxxxxxxxxxxxxxxx>
- References:
- Building packages using RPMBUILD
- From: Keith Roberts
- Re: Building packages using RPMBUILD
- From: Leonard den Ottolander
- Re: Building packages using RPMBUILD
- From: Nico Kadel-Garcia
- Re: Building packages using RPMBUILD
- From: Leonard den Ottolander
- Re: Building packages using RPMBUILD
- From: m . roth
- Building packages using RPMBUILD
- Prev by Date: Re: Building packages using RPMBUILD
- Next by Date: Re: Building packages using RPMBUILD
- Previous by thread: Re: Building packages using RPMBUILD
- Next by thread: Re: Building packages using RPMBUILD
- Index(es):
 |