[Rpm-maint] Automatic BuildRoot by default?

Stanislav Brabec sbrabec at suse.cz
Thu Jun 12 15:53:34 UTC 2008


Tom "spot" Callaway wrote:
> On Thu, 2008-06-12 at 16:32 +0200, Stanislav Brabec wrote:
> > If rpmbuild itself
> > will do rmdir()+mkdir() safely (correct privileges, force fail if
> > directory exists and it is not possible to remove it), then the worst
> > problem with the static BuildRoot is a DoS.
> 
> I generally agree with this statement. I'm not sure I would downplay the
> DoS as you do, but it is definitely less severe.

DoS is ugly, but as current static design of RPM directories causes many
annoying unwanted DoS problems (see previous mail), I will leave this
one.

When all standard paths will be implicit, it would be possible to create
simple rpmbuild-in-home script, which will redirect all these
directories to dedicated directories to home.

> We dodge this issue in Fedora by building all our packages in contained
> mock environments on secured builders, but it is something that should
> be addressed as we're tackling BuildRoot issues.

openSUSE use chroots inside Xen secured build hosts in Build Service.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                          e-mail: sbrabec at suse.cz
Lihovarská 1060/12           tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                                  fax: +420 284 028 951
Czech Republic                                    http://www.suse.cz/




More information about the Rpm-maint mailing list