[Rpm-maint] Automatic BuildRoot by default?
Tom "spot" Callaway
tcallawa at redhat.com
Thu Jun 12 15:17:16 UTC 2008
On Thu, 2008-06-12 at 16:32 +0200, Stanislav Brabec wrote:
> If rpmbuild itself
> will do rmdir()+mkdir() safely (correct privileges, force fail if
> directory exists and it is not possible to remove it), then the worst
> problem with the static BuildRoot is a DoS.
I generally agree with this statement. I'm not sure I would downplay the
DoS as you do, but it is definitely less severe.
We dodge this issue in Fedora by building all our packages in contained
mock environments on secured builders, but it is something that should
be addressed as we're tackling BuildRoot issues.
~spot
More information about the Rpm-maint
mailing list