SPECS: webCDwriter.spec - correct atributes in %file
Elan Ruusamäe
glen at delfi.ee
Sun Oct 2 20:31:06 CEST 2005
On Sunday 02 October 2005 21:27, Elan Ruusamäe wrote:
> > ---- Log message:
> > - correct atributes in %file
> > +for tool in cdrdao cdrecord mkisofs readcd
> > +do
> > + if [ ! -e %{_bindir}/CDWserver/bin/$tool ]; then
> > + if [ -e %{_bindir}/$tool ]; then
> > + cp -af %{_bindir}/$tool %{_bindir}/CDWserver/bin/ || :
> > + else
> > + cp -af /usr/local/bin/$tool %{_bindir}/CDWserver/bin/ 2> /dev/null
> > ||
> >
> > : + fi
> >
> > + fi
> > + if [ -e %{_bindir}/CDWserver/bin/$tool ]; then
> > + %{__chown} root:%{CDWgroup} %{_bindir}/CDWserver/bin/$tool || :
> > + %{__chmod} 4750 %{_bindir}/CDWserver/bin/$tool || :
> > + fi
> > +done
>
> this is nonsense. please find other way to accomplish this.
>
> copying binaries outside of rpm database, and even worse, making them suid,
> makes the system vulnreable even the original packages were updated. and
> this is done in %post? at least it should come with big fat warning and
> being seprate script which admin may run if he wants (but not automatically
> in %post)
>
> even simple sudo could be better solution.
ah, one more, i need no suid to burn cds-dvds under linux 2.6. proper
permissions on /dev/cdrom are sufficent!
--
glen
More information about the pld-devel-en
mailing list