Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469585 --- Comment #18 from Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> 2009-01-04 04:15:08 EDT --- (In reply to comment #17) > Spec URL: http://labs.linuxnetz.de/bugzilla/moon-buggy.spec > SRPM URL: http://labs.linuxnetz.de/bugzilla/moon-buggy-1.0.51-1.src.rpm Well, [tasaka1@localhost moon-buggy]$ LANG=C rpmbuild --rebuild moon-buggy-1.0.51-1.src.rpm Installing moon-buggy-1.0.51-1.src.rpm error: source package expected, binary found error: moon-buggy-1.0.51-1.src.rpm cannot be installed [tasaka1@localhost moon-buggy]$ LANG=C rpm -ivh moon-buggy-1.0.51-1.src.rpm error: can't create transaction lock on /var/lib/rpm/__db.000 (Permission denied) Something seems broken on your srpm... For now I unpacked your srpm by rpmdev-extract and repackaged it. Then: - Installing moon-buggy binary rpm rebuilt from your srpm - as tasaka1 (i.e. non-root) execute moon-buggy Then this creates the file "mbscore" under /var/games/moon-buggy with (owner:group) = (tasaka1:games). Then what happens if "tasaka1" user does some malicious things on mbscore (as tasaka1 can modify this file) and "root" executes moon-buggy? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review