* Mattia Rizzolo <mat...@mapreri.org>, 2015-08-04, 07:41:
pbuilder builds the package in $BUILDPLACE/tmp/buildd. But
$BUILDPLACE/tmp is normally world-writable, and pbuilder doesn't fail
if the buildd direcory already exists:
mkdir -p "$BUILDPLACE/tmp/buildd"
There's a race window between unpacking base.tgz and the mkdir call
when malicious local user could create their own
$BUILDPLACE/tmp/buildd. Owning the buildd directory would let them
tamper with the build process.
Alternatively, the attacker could exploit #789401 to plant tmp/buildd
directly in base.tgz.
I think I'm going to solve both this and #789401 by making /tmp/buildd
configurable
Right. Moving the build directory outside /tmp will should fix this bug.
I don't see how changing it can fix #789401, though.
and defaulting to another place, maybe the one used by sbuild (/buildd
iirc)
It's "/build" (with a single "d").
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
