On Wed, Mar 14, 2007 at 01:41:40AM +0100, Enrico Scholz wrote:
> ville.skytta@xxxxxx (Ville Skyttä) writes:
>
> >> > %install
> >> > rm -rf $RPM_BUILD_ROOT
> >> > mkdir $RPM_BUILD_ROOT # this fails when $RPM_BUILD_ROOT already exists
> >>
> >> Will work;
> >
> > ...but will break in setups where some subdirs of $RPM_BUILD_ROOT are missing
> > before %install. This wouldn't suffer from that drawback:
> >
> > %install
> > rm -rf $RPM_BUILD_ROOT
> > mkdir -p $(dirname $RPM_BUILD_ROOT) ; mkdir $RPM_BUILD_ROOT
>
> ... but opens a new attack vector because attacker could do
>
> | mkdir -m777 -p $(dirname $RPM_BUILD_ROOT)
> | ... wait until victim executes the first 2 %install lines
> | mv $RPM_BUILD_ROOT $(dirname $RPM_BUILD_ROOT)/old-buildroot
> | mkdir $RPM_BUILD_ROOT
>
> (easy to automate by some inotify in $(dirname $RPM_BUILD_ROOT))

Nice catch.

I agree with Enrico, if we start trying to fix that, too, we end up with a loop of mkdir's (w/o -p) from outer to inner with testing ownerships/permissions and so on. This would then bloat to take over most of the %install section. We already have resistance to adding a single mkdir line. :/

Instead the plain mkdir solution *will* fail, making the user rethink about his setup. If the user wants to build all his stuff under /var/tmp/<user>/... (which is a legitimate setup, of course), he needs to first create the basic skeleton with proper permissions, and the failure will make him do that. Otherwise we create scenarios like Enrico describes.

E.g. The buildroot setting should assume that the parent folders are all properly set up beforehand, including existence, ownership and permissions. Then we only need an rm/mkdir pair.

--
Axel.Thimm at ATrpms.net
--
Fedora-packaging mailing list
Fedora-packaging@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-packaging
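
The precondition the message above relies on (parent directories set up beforehand with proper existence, ownership and permissions), as an added example that is not part of the original post or of any Fedora tooling: a POSIX shell preflight that checks every ancestor of the buildroot before running the plain rm/mkdir pair. The function names are hypothetical, and accepting a sticky directory owned by root or the current user (such as /var/tmp) is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# dir_is_safe DIR: succeed only if DIR is a real directory (not a symlink),
# owned by root or by the current user, and other users cannot rename entries
# in it: either no group/other write bit, or the sticky bit is set.
dir_is_safe() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    info=$(ls -ldn -- "$1" | awk '{print $3 ":" $1}') || return 1
    case "$info" in
        0:*|"$(id -u)":*) ;;               # owner is root or us
        *) return 1 ;;
    esac
    case "${info#*:}" in
        d????-??-*)     return 0 ;;        # not writable by group or others
        d????????[tT]*) return 0 ;;        # writable, but sticky like /var/tmp
    esac
    return 1
}

# check_buildroot_parents BUILDROOT: check every ancestor of BUILDROOT up to /.
# Prints the first unsafe ancestor and returns 1; returns 2 for a relative path.
check_buildroot_parents() {
    case "$1" in /*) ;; *) return 2 ;; esac
    dir=$(dirname -- "$1")
    while :; do
        dir_is_safe "$dir" || { printf '%s\n' "$dir"; return 1; }
        [ "$dir" = / ] && return 0
        dir=$(dirname -- "$dir")
    done
}

# make_buildroot BUILDROOT: the rm/mkdir pair from the thread, run only after
# the parents pass. Plain mkdir (no -p) fails if the directory exists again.
make_buildroot() {
    bad=$(check_buildroot_parents "$1") || {
        echo "refusing: unsafe or missing parent '$bad'" >&2
        return 1
    }
    rm -rf -- "$1" && mkdir -- "$1"
}
```

A missing parent is reported the same way as an unsafe one, so the build stops until the directory skeleton has been created with the intended owner and mode.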