Bug 15891 - RFE: default %defattr value
Summary: RFE: default %defattr value
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: rpm-build (Show other bugs)
(Show other bugs)
Version: 1.0
Hardware: All Linux
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2000-08-09 21:22 UTC by Dmitry V. Levin
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-21 19:07:11 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Dmitry V. Levin 2000-08-09 21:22:55 UTC
To simplify .spec-files for building packages in BUILDROOT environment,
I suggest to use value of %_defattr macro (if any) as default %defattr
instead of currently used (-,-,-,-).
%_defattr should be defined somewhere in /usr/lib/rpm/macros, for example,
%_defattr       %%defattr(-,root,root,755)
Of course, %defattr directive overrides value of %_defattr macro in each
%file section where %defattr ever used.

Patch to rpm-3.0.5 listed below:
--- rpm-3.0.5/build/files.c~	Mon Jun 26 21:28:51 2000
+++ rpm-3.0.5/build/files.c	Fri Jun 30 05:52:28 2000
@@ -1221,6 +1221,8 @@
     s = getStringBuf(pkg->fileList);
     files = splitString(s, strlen(s), '\n');
+	parseForAttr(rpmExpand("%_defattr", NULL), &fl);
     for (fp = files; *fp != NULL; fp++) {
 	s = *fp;

Comment 1 Pavel Roskin 2001-01-10 20:40:44 UTC
It's a serious security problem.

RPM allows to build packages a normal user. In this case it hardcodes the
user ID of the builder into the package, unless the attributes of the
files are overwritten by the "%defattr" tag.

This means that if I build the RPM with "rpm -tb foo.tgz" as user and
install the package as root, the installed files are owned by me, user!

This is a very bad default behaviour of RPM and should be corrected.

Regarding the proposed patch, I doubt that it can be applied as is because
of backward compatibility concerns. Some packages are buildable only as root
and they rely on the current default value of %defattr.

My proposal (also not ideal) - if the package is built by a normal user,
replace the UID and GID of that user with "root" before applying the
%defattr rules.

Comment 2 Jeff Johnson 2001-02-21 19:07:06 UTC
rpm *always* uses the uid/gid from the header metadata, never uses the uid/gid
in payload
headers, so the scope of this problem is basically to use of rpm2cpio to extract
the payload
outside of rpm.

The right thing to do is to map the uid/gid when creating the payload, using
the same values as are in the metadata, and then to make use of %defattr on by
rather than off by default. 

FWIW, I see little reason to implement as you've suggested, but every reason to
use of %defattr (with appropriate configurable defaults of course, just not a
macro as you've
suggested) on by default.

Changing component.

Comment 3 Jeff Johnson 2002-02-05 18:02:23 UTC
rpm-4.0.4 contains a commented out macro for %files
in /usr/lib/rpm/<arch>-linux/macros. Uncommenting
the macro will insert a %defattr(-,root,root) right
after a %files marker.

This gets the job done almost everywhere, but cannot
be enabled by default because of current packaging

Note You need to log in before you can comment on or make changes to this bug.