[CentOS] Building packages using RPMBUILD

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Dec 16 21:21:16 UTC 2010


Leonard den Ottolander wrote:
> Hello Nico,
>
> On Thu, 2010-12-16 at 15:20 -0500, Nico Kadel-Garcia wrote:
>> On Thu, Dec 16, 2010 at 11:00 AM, Leonard den Ottolander
>> > /usr/src/redhat and sub dirs are owned root.root. If you want to build
>> > as a normal user (and you should!) you should fix the ownership of
>> > those directories.
>>
>> NO. Never do this.
>
> Why would that be a problem?

One possibility: suppose someone cracks in as the user that owns those
directories. They could then install whatever they want in there... and
the next time you built and installed something, it could carry their
payload.

          mark




More information about the CentOS mailing list