Re: RFH: Insecure directory creation?
On Fri, Dec 22, 2006, Javier Fernández-Sanguino Peña wrote:
> I don't know how mach operates precisely, would you care to elaborate how and
> when does it use /var/tmp/mach/? What files are created there? What control
> does the user have on the content or naming of those files?
First, /var/tmp/mach itself is currently shipped in the package (.deb)
itself; it serves as the base directory to copy over RPM files.
When you create a chroot to e.g. build packages, you invoke:
mach -r centos-4-i386-os setup base
Only users in the mach group may run the "mach-helper" SUID root
helper which can do the chroot() syscall or run package management
tools in the chroot (such as yum).
The configs of the chroot are stored in /var/lib/mach/states, the
packages to create the chroot are downloaded into /var/cache/mach/, and
the chroot itself is under /var/lib/mach/roots.
Once the chroot is created, you can build packages with a spec file:
mach -r centos-4-i386-os build libX11.spec
this will install the necessary packages and build-deps in the chroot
and copy the source package into the chroot. This is what happens for
(here centos-4-i386-os is the chroot name and libX11-1.0.3-6 the source
And mach will also copy the spec file to hand to rpmbuild into:
Loïc Minier <email@example.com>
"Forget your stupid theme park! I'm gonna make my own! With hookers!
And blackjack! In fact, forget the theme park!" -- Bender