
Re: RFH: Insecure directory creation?



On Fri, Dec 22, 2006, Javier Fernández-Sanguino Peña wrote:
> I don't know how mach operates precisely, would you care to elaborate how and
> when does it use /var/tmp/mach/? What files are created there? What control
> does the user have on the content or naming of those files?

 First, /var/tmp/mach itself is currently shipped in the package (.deb)
 itself; it serves as the base directory to copy over RPM files.

 When you create a chroot to e.g. build packages, you invoke:
    mach -r centos-4-i386-os setup base

 Only users in the mach group may run the "mach-helper" SUID root
 helper which can do the chroot() syscall or run package management
 tools in the chroot (such as yum).

 The configs of the chroot are stored in /var/lib/mach/states, the
 packages to create the chroot are downloaded into /var/cache/mach/, and
 the chroot itself is under /var/lib/mach/roots.

 Once the chroot is created, you can build packages with a spec file:
    mach -r centos-4-i386-os build libX11.spec
 this will install the necessary packages and build-deps in the chroot
 and copy the source package into the chroot.  This is what happens for
 example in:
 /var/tmp/mach/tmp/centos-4-i386-os/libX11-1.0.3-6.centos4/libX11-1.0.3-6.centos4.src.rpm
 (here centos-4-i386-os is the chroot name and libX11-1.0.3-6 the source
 package)
 And mach will also copy the spec file to hand to rpmbuild into:
   /var/tmp/mach/centos-4-i386-os/libX11-1.0.3-6.centos4/libX11.spec

-- 
Loïc Minier <lool@dooz.org>
 "Forget your stupid theme park! I'm gonna make my own! With hookers!
  And blackjack! In fact, forget the theme park!"          -- Bender
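A defender-side check for the directory layout described in the message above, added here as an example that is not mach's own code: every per-chroot, per-package level under a shared base such as /var/tmp/mach is created and then verified with lstat, so a planted symlink or foreign-owned directory is refused rather than followed. The base path, the component names and the UnsafePath class are assumptions for the example.

```python
import os
import stat
import errno

# Added example (not mach's own code): harden the kind of per-chroot,
# per-package directory creation described in the message, where path
# components such as the chroot name ("centos-4-i386-os") and the source
# package name come from user input and the base directory (/var/tmp/mach)
# lives under a shared temporary tree.

class UnsafePath(Exception):
    """Raised when a path component or directory fails the safety checks."""

def check_component(name):
    """Reject path components that could escape or traverse the base."""
    if not name or name in (".", "..") or "/" in name or "\0" in name:
        raise UnsafePath("bad path component: %r" % (name,))
    return name

def check_base(base):
    """A shared base like /var/tmp/mach must be a real directory owned by
    root (or us) and, if world-writable, must carry the sticky bit."""
    st = os.lstat(base)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise UnsafePath("%s is not a plain directory" % base)
    if st.st_uid not in (0, os.getuid()):
        raise UnsafePath("%s is owned by uid %d" % (base, st.st_uid))
    if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
        raise UnsafePath("%s is world-writable without the sticky bit" % base)

def safe_subdir(base, *components):
    """Create base/c1/c2/... one level at a time, refusing to follow anything
    another user may have planted (symlink, foreign-owned dir) under base."""
    check_base(base)
    path = base
    for comp in components:
        path = os.path.join(path, check_component(comp))
        try:
            os.mkdir(path, 0o700)
        except OSError as e:
            if e.errno != errno.EEXIST:
                raise
        # lstat, not stat: a symlink planted at this name must not be followed
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
            raise UnsafePath("%s is not a directory we created" % path)
        if st.st_uid != os.getuid():
            raise UnsafePath("%s is owned by uid %d, not us" % (path, st.st_uid))
    return path
```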
