Bugtraq mailing list archives
Re: RPM building races
From: Jim Knoble <jmknoble () jmknoble cx>
Date: Tue, 20 Mar 2001 13:49:55 -0500
Circa 2001-Mar-19 18:52:11 +0000 dixit Ian Lynagh:

: Today it became necessary for me to build an RPM for the first time.
: To assist my learning I chose, randomly, gzip and had a look at its
: spec file in conjunction with reading the various documentation. The
: first time I saw the reference to /tmp and /var/tmp I was worried,
: and still don't see why ./redhat isn't used in the same way as
: ./debian/tmp is. [...]
:
: [...] To exploit this race for real is difficult, and you need an account
: on the machine in question, but even so I think problems like these
: should be fixed. There may also be easier races in other packages. I
: am not overly familiar with RPM, but I think the easiest solution
: would be to set the default buildroot on all packages to be
: something like ./rpm-building/%{package} or, slightly more work, to
: make sure the buildroot is secure before you do anything else in
: there.
:
: I have not given vendors advanced warning as their build environments
: are presumably secure, while it is the many sysadmins building RPMs
: out there on user machines who are the ones under threat.

Several things:

  (1) You shouldn't build software on a production machine. Ever.

  (2) You shouldn't build software from specfiles on any machine
      without inspecting the specfile. Thoroughly. Ever.

  (3) Many recent specfiles use the '%{_tmpdir}' macro for BuildRoot;
      for example:

          BuildRoot: %{_tmpdir}/%{name}-%{version}-%{release}

      %{_tmpdir} defaults to /var/tmp/; it's easy enough to change:

          cat >>~/.rpmmacros <<EOF
          %HOME %{expand:%%(cd; pwd)}
          %_tmpdir %{HOME}/tmp
          EOF

  (4) rpm has supported a '--buildroot' command-line option to override
      the value of BuildRoot: since at least 1998. Here's how to use
      it:

          rpm -ba --buildroot='${HOME}/tmp/blah' blah.spec

  (5) You shouldn't build and package software using RPM as a
      privileged user. Ever. (Well, okay---rarely). Here's how not
      to:

          mkdir -p ~/rpm/{BUILD,RPMS/{i386,noarch},SOURCES,SPECS,SRPMS}
          cat >>~/.rpmmacros <<EOF
          %HOME %{expand:%%(cd; pwd)}
          %_topdir %{HOME}/rpm
          EOF

There really aren't any surprises here at all. Savvy sysadmins don't
build software on systems with untrusted user accounts.

--
jim knoble | jmknoble () jmknoble cx | http://www.jmknoble.cx/
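
The "make sure the buildroot is secure before you do anything else in there" idea from the quoted message, combined with the --buildroot override in point (4), as an added shell example that is not part of the original thread. The function names private_dir and make_buildroot are hypothetical, and the check assumes it is enough for the immediate parent directory to be private to the building user.

```shell
#!/bin/sh
# Added example: create a build root that no other local user could have
# pre-planted, instead of reusing a predictable path under /var/tmp.

# private_dir DIR: succeed only if DIR is a real directory (not a symlink),
# owned by the invoking user, and not writable by group or others.
private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    # Characters 6 and 9 of the ls mode string are group-write and
    # other-write; /var/tmp (drwxrwxrwt) fails this test.
    case "$(ls -ld "$1" | cut -c6,9)" in
        *w*) return 1 ;;
    esac
    return 0
}

# make_buildroot PARENT NAME: create PARENT/NAME and print its path.
make_buildroot() {
    parent=$1
    name=$2
    private_dir "$parent" || {
        echo "refusing shared or foreign parent: $parent" >&2
        return 1
    }
    # mkdir without -p fails if the name already exists, including as a
    # dangling symlink, so a pre-planted entry is never reused.
    mkdir -m 700 -- "$parent/$name" || {
        echo "refusing pre-existing build root: $parent/$name" >&2
        return 1
    }
    printf '%s\n' "$parent/$name"
}

# Usage with the command form shown in point (4):
#   br=$(make_buildroot "$HOME/tmp" blah) && rpm -ba --buildroot="$br" blah.spec
```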