Le mercredi 19 juillet 2006 à 22:32 +0200, Enrico Scholz a écrit :
an $RPM_BUILD_ROOT with e.g. files for symlink attacks (it should be
trivial to find the window above with inotify(2)).
Therefore, multi-user environments are not an argument pro %(id -u).
Yes it is.
You are far more likely to share resources like a build system with
friendlies than with attackers. So even if you don't protect against
attackers, protecting against people stomping on each other is a
worthwhile goal.
--
Nicolas Mailhot