[arch-projects] [devtools] [PATCH 2/2] makechrootpkg: build as same UID as invoker
Sébastien Luttringer
seblu at seblu.net
Tue Sep 30 21:23:50 UTC 2014
On 22/09/2014 14:35, Dave Reisner wrote:
> Changing UID to that of 'nobody' is arbitrary at best, and an
> information leak at worst. Let's just drop back to the same UID of the
> invoker.
Which information is leaking?
This should also fix the permission issue on file introduced by bind
mounting $startdir instread of copying and have files owned by nobody.
Nice patch!
--
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 815 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-projects/attachments/20140930/c7201f05/attachment.bin>
More information about the arch-projects
mailing list