1,885
edits
Changes
→Security-Related Projects
== Security-Related Projects ==
=== Mock chroot-break/Privilege Escalation Risk Assessment ==-=
Mock uses chroot environments for building. It is possible to break out of a chroot environment. An intentionally-malicious package could potentially break out of a chroot and wreak havoc on the build system. Alternately, a privilege escalation exploit could be used to cause similar issues (without necessarily breaking out of the chroot).