On Tue May 26 2009, Björn Persson wrote:
> Tom "spot" Callaway wrote:
> > mkdir -p `dirname "$RPM_BUILD_ROOT"`\
> > mkdir "$RPM_BUILD_ROOT"\
>
> Is that somehow better than just «mkdir -p "$RPM_BUILD_ROOT"»? Just
> curious.

It prevents a race condition in case $(dirname "$RPM_BUILD_ROOT") already exists or if all directories in the path to this directory are only writable by trustworthy users. In the default configuration, this was the /var/tmp directory, where every user could create a directory, make it writable for others and sneak content into the final rpm.

Here is an explanation of why 'mkdir -p "$RPM_BUILD_ROOT"' is vulnerable:
http://lists.opensuse.org/opensuse-packaging/2007-02/msg00005.html

Regards
Till
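The difference between the two forms discussed in this message, as an added example that is not part of the original mail or of the rpm macros: `mkdir -p` reports success on a build root that already exists, while the two-step form fails on it. The function names and the directory layout under a private `mktemp -d` directory are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration; all paths are constructed under a private temp directory.

# Two-step form from the quoted snippet: create the parents with -p, then the
# final component with plain mkdir, which fails if that path already exists.
create_buildroot_strict() {
    mkdir -p "$(dirname "$1")" && mkdir "$1" 2>/dev/null
}

# Single-command form asked about: returns success on a pre-existing directory.
create_buildroot_p() {
    mkdir -p "$1"
}

# Run both forms against a build root that was created beforehand.
# Prints one "<form>=<accepted|refused>" word per form.
demo_preexisting() {
    base=$(mktemp -d) || return 1
    result=""
    for form in p strict; do
        root="$base/$form/pkg-root"
        # Stand-in for a directory made earlier by another local user:
        # world-writable and already holding a file.
        mkdir -p "$root" && chmod 0777 "$root" && : > "$root/preexisting-file"
        if "create_buildroot_$form" "$root"; then
            result="$result $form=accepted"
        else
            result="$result $form=refused"
        fi
    done
    rm -rf "$base"
    echo "${result# }"
}

# Fresh path: the two-step form creates it and reports success.
demo_fresh() {
    base=$(mktemp -d) || return 1
    if create_buildroot_strict "$base/tmp/pkg-root" && [ -d "$base/tmp/pkg-root" ]; then
        echo created
    else
        echo failed
    fi
    rm -rf "$base"
}

demo_preexisting
demo_fresh
```

A build script using the two-step form should treat the non-zero exit status as a reason to abort rather than continue into the existing directory.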