Copilot commented on code in PR #50359:
URL: https://github.com/apache/arrow/pull/50359#discussion_r3520430360


##########
dev/release/binary/Dockerfile:
##########
@@ -40,6 +40,8 @@ RUN \
 
 RUN gem install apt-dists-merge -v ">= 1.0.2"
 
+RUN chmod 1777 /var/lib/rpm
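
Review bot: the added `RUN chmod 1777 /var/lib/rpm` at the end of this hunk has no comment saying which later step needs write access to the RPM database, or which user it runs as. A reader cannot tell whether world-writable with the sticky bit is actually required or was simply the quickest way past a permission error. Add a one-line comment above it naming the consumer. If only one non-root account writes there, grant access to that user or group rather than using mode 1777.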

Review Comment:
   `chmod 1777 /var/lib/rpm` makes the RPM database directory world-writable, 
which is broader than needed and can allow unintended modification of the RPM 
DB (even in a container). A tighter approach is to grant write access only to 
the Arrow user’s group (GID 10000 here) and keep the directory 
non-world-writable.


