On Wed Mar 14 2007, Axel Thimm wrote:

> Yes, once, but in the right time window, which is between when the
> scriptlet is written to disk and being executed. So the attacker has to win
> two races, not only one, and the grep itself and subsequent text parsing
> takes more time than the script's rm/mkdir.

In the rpm-tmp files I have on my system, there is not only the install part in the file, but also the build part. So I assume that after the file is created and the attacker knows the buildroot, he has all the time until %build is finished to prepare the race between rm/mkdir in %install.

Regards,
Till
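
The race discussed in this thread depends on the build root path being known in advance and re-created inside a shared directory. As an added example (not part of the original message and not rpm's own code), the shell functions below show a creation step that fails closed instead; `make_buildroot` and `new_private_buildroot` are hypothetical names, and the `mkdir -p` form quoted in the comment is an assumption about what the spec file's `%install` runs.

```shell
#!/bin/sh
# Added example: create a build root in a shared directory without trusting
# whatever may already exist at that path. Function names are hypothetical.

# Pattern under discussion (assumed form), shown for comparison only:
#   rm -rf "$RPM_BUILD_ROOT"; mkdir -p "$RPM_BUILD_ROOT"
# "mkdir -p" succeeds when the path already exists, so anything that appears
# at that path between the two commands is silently accepted.

make_buildroot() {
    root=$1
    # mkdir without -p is atomic and fails with EEXIST if anything is already
    # at the path: a file, a directory, or a symlink (even a dangling one).
    if ! mkdir -m 0700 -- "$root" 2>/dev/null; then
        echo "refusing to use existing path: $root" >&2
        return 1
    fi
    # Defence in depth: the result must be a real directory owned by us.
    if [ -L "$root" ] || [ ! -d "$root" ] || [ ! -O "$root" ]; then
        echo "unexpected object at: $root" >&2
        return 1
    fi
    return 0
}

new_private_buildroot() {
    # Unpredictable name created atomically with mode 0700, so the path
    # cannot be learned from the scriptlet before the directory exists.
    mktemp -d "${TMPDIR:-/tmp}/buildroot.XXXXXXXXXX"
}
```

On failure the caller should abort the build rather than remove the path and retry, since retrying reopens the same window.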