On May 26, 2009, at 3:50 PM, Till Maas wrote:
On Di Mai 26 2009, Björn Persson wrote:
Tom "spot" Callaway wrote:
mkdir -p `dirname "$RPM_BUILD_ROOT"`\
mkdir "$RPM_BUILD_ROOT"\
Is that somehow better than just «mkdir -p "$RPM_BUILD_ROOT"»? Just
curious.
It prevents a race condition in case that $(dirname
"$RPM_BUILD_ROOT") already
exists or if all directories in the path to this directory are only
writable
by trustworthy users. In the default configuration, this was the /
var/tmp
directory, where every user could create a directory, make it
writable for
others and sneak content into the final rpm. Here is an explation,
why 'mkdir
-p "$RPM_BUILD_ROOT"' is vulnerable:
http://lists.opensuse.org/opensuse-packaging/2007-02/msg00005.html
Or polyinstantiate /var/tmp
joe
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
