[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca



On Wed, 30 Mar 2005 20:17:42 +0200, Enrico Scholz wrote:

> >> >> > BuildRoot:      %_tmppath/%name-%version-%release-buildroot
> >> >> > The prevered value is
> >> >> > "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)" 
> >> > ...
> >> > If memory serves correctly, the %__id_u thing was not for added
> >> > security, but a somewhat sane default for multi-user environments
> >> 
> >> "multi-user environments" implicates security measures.
> >
> > The obvious thing it does is to choose a different built root for every
> > user.
> 
> The buildroot mentioned above (this with '%__id_u') is unique per user,
> but not secure. You need a %_tmppath which is only writable by the the
> actual user.

The proposed default buildroot does not have security as a goal.  It is a
suggested default, not mandatory. Can we end this thread now, please?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]