Removing %clean

Joe Nall joe at nall.com
Tue May 26 21:20:11 UTC 2009


On May 26, 2009, at 3:50 PM, Till Maas wrote:

> On Tue May 26 2009, Björn Persson wrote:
>> Tom "spot" Callaway wrote:
>>>    mkdir -p `dirname "$RPM_BUILD_ROOT"`\
>>>    mkdir "$RPM_BUILD_ROOT"\
>>
>> Is that somehow better than just «mkdir -p "$RPM_BUILD_ROOT"»? Just
>> curious.
>
> It prevents a race condition in case that $(dirname "$RPM_BUILD_ROOT")
> already exists or if all directories in the path to this directory are
> only writable by trustworthy users. In the default configuration, this
> was the /var/tmp directory, where every user could create a directory,
> make it writable for others and sneak content into the final rpm. Here
> is an explanation, why 'mkdir -p "$RPM_BUILD_ROOT"' is vulnerable:
>
> http://lists.opensuse.org/opensuse-packaging/2007-02/msg00005.html

Or polyinstantiate /var/tmp

joe
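
The difference between the two mkdir forms discussed in this thread, as an added example that is not part of the original messages: the function names and the temporary paths are constructed for illustration, and the directory made with mode 0777 stands in for one that already existed before the build started.

```shell
#!/bin/sh
# Added example: build-root creation that notices a pre-existing leaf directory.

# make_buildroot DIR
# Succeeds only if this call created DIR itself (mode 0700).
make_buildroot() {
    root=$1
    parent=$(dirname "$root")
    # Parent directories may legitimately exist already, so -p is fine here.
    mkdir -p "$parent" || return 1
    # No -p on the leaf: plain mkdir fails with EEXIST if the directory is
    # already there, while "mkdir -p" would return 0 and silently reuse it.
    if ! (umask 077 && mkdir "$root") 2>/dev/null; then
        echo "refusing to use pre-existing build root: $root" >&2
        return 1
    fi
    return 0
}

# unsafe_buildroot DIR: the single "mkdir -p" form, kept for comparison.
unsafe_buildroot() {
    mkdir -p "$1"
}

# demo_preexisting: run both forms against a leaf that already exists and
# print their exit statuses as "unsafe=<rc> safe=<rc>".
demo_preexisting() {
    base=$(mktemp -d) || return 1
    leaf="$base/pkg-1.0-root"          # constructed path
    mkdir -m 0777 "$leaf"              # directory that existed before the build
    unsafe_buildroot "$leaf" && u=0 || u=1
    make_buildroot "$leaf" 2>/dev/null && s=0 || s=1
    rm -rf "$base"
    echo "unsafe=$u safe=$s"
}
```

The exit status of make_buildroot is what a build script would check before installing anything into the directory.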





