[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#18062: [PATCH] chroot: always change to / if not changing credential
From: |
Pádraig Brady |
Subject: |
bug#18062: [PATCH] chroot: always change to / if not changing credentials |
Date: |
Sun, 27 Jul 2014 21:32:40 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 07/21/2014 10:20 PM, Bernhard Voelker wrote:
> On 07/20/2014 06:10 PM, Andreas Schwab wrote:
>> Bernhard Voelker <address@hidden> writes:
>>> And why should "chroot /" invoke chroot(2)
>>
>> What else do you expect from a command called chroot???
>
> Let's resume:
> 1) The change to skip chroot() for the root directory and
> synonyms was made for consistency with systems where this
> is already allowed for non-root users by the kernel.
> I consider this a good choice.
>
> 2) The same if-clause also skips the determination of the new
> uid/gid/supplementary groups because the result would be the same
> during the second determination _after_ chroot("/").
> Note the functionality for changing the uid/gid/suppl. groups
> had already been there and had just been improved for numeric ids.
> This therefore was an optimization to omit redundant processing,
> thus a good choice, too.
>
> 3) The choice for moving the chdir("/") inside the same if-clause
> was made because it's cool to use things like
> chroot --user=$NON_ROOT_USERNAME / env PATH="$PATH" cp -p c c2
> without the need to chdir() to the previous directory inside the
> chroot jail. Admittedly, this might break the expectations of
> some previously existing use cases - as we see in your OBS log.
> ;-(
>
> Now, what to do?
>
> a) leave it as it is?
> This would most probably break several scripts and cause much
> unexpected work for our users.
>
> b) revert part 1), i.e. chroot() for "/" again?
> This would re-introduce previous discrepancy in behavior
> on different systems.
>
> c) revert part 3), i.e. chdir("/") in any case?
> This would require some work on our tests, because we couldn't
> use commands like above as easy as this.
Drats. This change was initially discussed at:
http://lists.gnu.org/archive/html/coreutils/2014-05/msg00033.html
There I noted that we'd want to keep doing the chdir("/") for older
scripts that might assume the working dir = /.
I.E. when not invoking with --user we'd do the chdir("/"),
but then went ahead and fluffed the implementation.
Now on consideration it's probably best to not even key this change
on the --user option, and have a separate --chdir option?
I.E. since it's useful to maintain the current directory as seen
in the tests, we should be providing this functionality outside of tests also.
chroot --user=$NON_ROOT_USERNAME --chdir=. / cp -p c c2
Now the syntax is getting a bit awkward for this use case,
though not too onerous I think since it gives a little extra functionality.
thanks,
Pádraig.
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Andreas Schwab, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Andreas Schwab, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Andreas Schwab, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/21
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/22
- bug#18062: [PATCH] chroot: always change to / if not changing credentials,
Pádraig Brady <=
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/31
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Pádraig Brady, 2014/07/31
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/31
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/31