[Bug 469585] Review Request: moon-buggy - Drive and jump with some kind of car across the moon

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=469585





--- Comment #18 from Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx>  2009-01-04 04:15:08 EDT ---
(In reply to comment #17)
> Spec URL: http://labs.linuxnetz.de/bugzilla/moon-buggy.spec
> SRPM URL: http://labs.linuxnetz.de/bugzilla/moon-buggy-1.0.51-1.src.rpm

Well,

[tasaka1@localhost moon-buggy]$ LANG=C rpmbuild --rebuild moon-buggy-1.0.51-1.src.rpm
Installing moon-buggy-1.0.51-1.src.rpm
error: source package expected, binary found
error: moon-buggy-1.0.51-1.src.rpm cannot be installed
[tasaka1@localhost moon-buggy]$ LANG=C rpm -ivh moon-buggy-1.0.51-1.src.rpm
error: can't create transaction lock on /var/lib/rpm/__db.000 (Permission denied)

Something seems broken on your srpm...
For now I unpacked your srpm by rpmdev-extract and repackaged it.
Then:

- Installing moon-buggy binary rpm rebuilt from your srpm
- as tasaka1 (i.e. non-root) execute moon-buggy
Then this creates the file "mbscore" under /var/games/moon-buggy
with (owner:group) = (tasaka1:games).
Then what happens if "tasaka1" user does some malicious things on mbscore
(as tasaka1 can modify this file) and "root" executes moon-buggy?


_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review
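
An added example, not part of the original comment or of the moon-buggy package: a review-time audit of a shared score directory such as /var/games/moon-buggy that flags files a privileged process should not parse. The function name audit_score_dir and the default of trusting only uid 0 are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_score_dir(path, trusted_uids=(0,)):
    """Return (file, reason) pairs for entries a privileged process should not parse."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)  # lstat: do not follow a symlink placed in the directory
        if stat.S_ISLNK(st.st_mode):
            findings.append((full, "symlink"))
            continue
        if not stat.S_ISREG(st.st_mode):
            continue
        # A file owned by an ordinary user can be rewritten by that user at will.
        if st.st_uid not in trusted_uids:
            findings.append((full, "owner uid %d can rewrite it" % st.st_uid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((full, "world-writable"))
    return findings


def demo():
    # Constructed sample: a temporary directory stands in for /var/games/moon-buggy.
    with tempfile.TemporaryDirectory() as d:
        score = os.path.join(d, "mbscore")
        with open(score, "w") as f:
            f.write("constructed sample score data\n")
        os.chmod(score, 0o664)
        # Treat the creating user as untrusted, as tasaka1 is in the comment above.
        return audit_score_dir(d, trusted_uids=(os.getuid() + 1,))


if __name__ == "__main__":
    for path, reason in demo():
        print(path, "-", reason)
```

Run against the real directory after playing once as a non-root user, an empty result means the score file is not owned by, or writable for, an arbitrary user.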
