Le mercredi 19 juillet 2006 à 22:32 +0200, Enrico Scholz a écrit : > an $RPM_BUILD_ROOT with e.g. files for symlink attacks (it should be > trivial to find the window above with inotify(2)). > > Therefore, multi-user environments are not an argument pro %(id -u). Yes it is. You are far more likely to share resources like a build system with friendlies than with attackers. So even if you don't protect against attackers, protecting against people stomping on each other is a worthwhile goal. -- Nicolas Mailhot
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
