[Rpm-maint] Automatic BuildRoot by default?
Stanislav Brabec
sbrabec at suse.cz
Thu Jun 12 15:53:34 UTC 2008
Tom "spot" Callaway wrote:
> On Thu, 2008-06-12 at 16:32 +0200, Stanislav Brabec wrote:
> > If rpmbuild itself
> > will do rmdir()+mkdir() safely (correct privileges, force fail if
> > directory exists and it is not possible to remove it), then the worst
> > problem with the static BuildRoot is a DoS.
>
> I generally agree with this statement. I'm not sure I would downplay the
> DoS as you do, but it is definitely less severe.
DoS is ugly, but as current static design of RPM directories causes many
annoying unwanted DoS problems (see previous mail), I will leave this
one.
When all standard paths will be implicit, it would be possible to create
simple rpmbuild-in-home script, which will redirect all these
directories to dedicated directories to home.
> We dodge this issue in Fedora by building all our packages in contained
> mock environments on secured builders, but it is something that should
> be addressed as we're tackling BuildRoot issues.
openSUSE use chroots inside Xen secured build hosts in Build Service.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec at suse.cz
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/
More information about the Rpm-maint
mailing list