[Rpm-maint] Automatic BuildRoot by default?

Stanislav Brabec sbrabec at suse.cz
Thu Jun 12 14:32:27 UTC 2008


Tom "spot" Callaway wrote:
> On Thu, 2008-06-12 at 14:48 +0200, Jindrich Novy wrote:
> 
> > Opinions?
> 
> One of the reasons why the mktemp option is appealing is because it is
> not predictable, and helps lessen the security risks of knowing where
> the buildroot is going to be and inserting malicious files. 

This security problem has existed since the early rpm versions and comes
from the lines:
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT

Anybody can use a race condition to create a more permissive directory.
Using mktemp() and keeping these lines in spec files will not improve
security in any way.

A secure build implies a change of spec coding style. If rpmbuild itself
does rmdir()+mkdir() safely (correct privileges, force a failure if the
directory exists and it is not possible to remove it), then the worst
problem with the static BuildRoot is a DoS. I think that a local DoS on
rpmbuild is not a problem, because it already exists: one user adding
foo.spec to SPECS makes it impossible for anybody else to build foo.

The "safe BuildRoot create" patch already exists in openSUSE.

> The only reason we use mktemp in there is because we couldn't make rpm
> code changes to use the native glibc functions. As to rpm
> --short-circuit, well, I honestly think we should think long and hard
> about whether we want to keep it around.

If mktemp() were preferred anyway, rpmbuild could store a
package<->buildroot map in the home directory. But I think that it is
overkill, as build directories and source directories are static.

Really paranoid people can still redefine all these directories, and
with the introduction of an implicit BuildRoot, they will be happy as well.
Here is an example of redefining sourcedir and builddir into $PWD:

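#!/bin/bash

# Private directory holding the per-invocation macros and rpmrc files.
RPMDIR="$PWD/BUILD/.var.rpmpatch"

rm -rf BUILD
mkdir -p "$RPMDIR"
# Point rpm's source and build directories at the current directory.
cat >"$RPMDIR/macros" <<EOF
%_sourcedir      $PWD
%_builddir       $PWD/BUILD
EOF

# Reuse the system macrofiles line and append our macros file to it.
cat >"$RPMDIR/rpmrc" <<EOF
$(grep macrofiles /usr/lib/rpm/rpmrc):$RPMDIR/macros
EOF

# No eval: it would re-split the arguments passed in "$@".
rpmbuild --rcfile "/usr/lib/rpm/rpmrc:$RPMDIR/rpmrc" "$@"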

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                          e-mail: sbrabec at suse.cz
Lihovarská 1060/12           tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                                  fax: +420 284 028 951
Czech Republic                                    http://www.suse.cz/
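
The difference between the spec-file lines quoted in the message and an exclusive create, as an added example (not part of the original message, and not the openSUSE patch or rpm's own code). The function names and the SIMULATE_RACE variable are hypothetical; SIMULATE_RACE=1 stands in for another local user re-creating the directory between the rm and the mkdir.

```shell
#!/bin/bash
# Added example; function names and SIMULATE_RACE are hypothetical.

# Constructed stand-in for the window between "rm -rf" and "mkdir": when
# SIMULATE_RACE=1, the directory reappears with mode 0777, as if another
# local user had created it first.
race_window() {
    [ "${SIMULATE_RACE:-0}" = 1 ] || return 0
    (umask 000 && mkdir -- "$1")
}

# The %install pattern quoted in the message: "mkdir -p" succeeds on an
# existing directory, so a directory created in the window is silently used.
legacy_buildroot() {
    rm -rf -- "$1"
    race_window "$1"
    mkdir -p -- "$1"
}

# Exclusive create: mkdir without -p fails with EEXIST on any existing
# entry (directory, file or symlink); umask 077 makes the new directory
# private from the moment it exists.
safe_buildroot() {
    rm -rf -- "$1" || return 1
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "cannot remove existing $1" >&2
        return 1
    fi
    race_window "$1"
    if ! (umask 077 && mkdir -- "$1") 2>/dev/null; then
        echo "refusing pre-existing $1" >&2
        return 1
    fi
    # Final check: a real directory owned by the invoking user.
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ]
}

# Group/other permission bits of a directory, e.g. "------" or "rwxrwx".
go_perms() {
    ls -ld -- "$1" | cut -c5-10
}
```

With the race simulated, legacy_buildroot returns success on a world-writable directory, while safe_buildroot returns non-zero and the build stops.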



