Summary: Review Request: nant

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193957

ville.skytta@xxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|NOTABUG                     |NEXTRELEASE

------- Additional Comments From ville.skytta@xxxxxx  2006-07-19 11:41 EST -------
(In reply to comment #16)
> A small problem with nant-0.85-5.src.rpm rebuilt on fc5: /usr/bin/nant tries
> to call /var/tmp/nant-0.85-5fc5-root-user/usr/lib/NAnt/bin/NAnt.exe.

That's not a small problem, it's an arbitrary command execution vulnerability.

Please install fedora-rpmdevtools and add check-buildroot and friends to your
~/.rpmmacros (e.g. using fedora-buildrpmtree), it catches errors like this:

[...]
+ /usr/lib/rpm/check-buildroot
/var/tmp/nant-0.85-5-buildroot-scop/usr/bin/nant:exec /usr/lib64/pkgconfig/../../bin/mono /var/tmp/nant-0.85-5-buildroot-scop/usr/lib64/NAnt/bin/NAnt.exe "$@"
Found '/var/tmp/nant-0.85-5-buildroot-scop' in installed files; aborting
error: Bad exit status from /var/tmp/rpm-tmp.42428 (%install)

The same problem is in the package released in devel.  Filed as bug 199432.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review