Re: Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca

[Enrico Scholz <enrico scholz informatik tu-chemnitz de>]

bugs michael gmx net (Michael Schwendt) writes:

>> >> > BuildRoot:      %_tmppath/%name-%version-%release-buildroot
>> >> > The prevered value is
>> >> > "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)" 
>> > ...
>> > If memory serves correctly, the %__id_u thing was not for added
>> > security, but a somewhat sane default for multi-user environments
>> 
>> "multi-user environments" implicates security measures.
>
> The obvious thing it does is to choose a different built root for every
> user.

The buildroot mentioned above (this with '%__id_u') is unique per user,
but not secure. You need a %_tmppath which is only writable by the the
actual user.



Enrico

Attachment: pgp00209.pgp
Description: PGP signature