bug-coreutils

bug#18062: [PATCH] chroot: always change to / if not changing credentials


From: Pádraig Brady
Subject: bug#18062: [PATCH] chroot: always change to / if not changing credentials
Date: Sun, 27 Jul 2014 21:32:40 +0100

On 07/21/2014 10:20 PM, Bernhard Voelker wrote:
> On 07/20/2014 06:10 PM, Andreas Schwab wrote:
>> Bernhard Voelker <address@hidden> writes:
>>> And why should "chroot /" invoke chroot(2)
>>
>> What else do you expect from a command called chroot???
> 
> Let's resume:
> 1) The change to skip chroot() for the root directory and
> synonyms was made for consistency with systems where this
> is already allowed for non-root users by the kernel.
> I consider this a good choice.
> 
> 2) The same if-clause also skips the determination of the new
> uid/gid/supplementary groups because the result would be the same
> during the second determination _after_ chroot("/").
> Note the functionality for changing the uid/gid/suppl. groups
> had already been there and had just been improved for numeric ids.
> This therefore was an optimization to omit redundant processing,
> thus a good choice, too.
> 
> 3) The choice for moving the chdir("/") inside the same if-clause
> was made because it's cool to use things like
>   chroot --user=$NON_ROOT_USERNAME / env PATH="$PATH" cp -p c c2
> without the need to chdir() to the previous directory inside the
> chroot jail.  Admittedly, this might break the expectations of
> some previously existing use cases - as we see in your OBS log.
> ;-(
> 
> Now, what to do?
> 
> a) leave it as it is?
> This would most probably break several scripts and cause much
> unexpected work for our users.
> 
> b) revert part 1), i.e. chroot() for "/" again?
> This would re-introduce previous discrepancy in behavior
> on different systems.
> 
> c) revert part 3), i.e. chdir("/") in any case?
> This would require some work on our tests, because we couldn't
> use commands like above as easily as this.

Drats. This change was initially discussed at:
http://lists.gnu.org/archive/html/coreutils/2014-05/msg00033.html
There I noted that we'd want to keep doing the chdir("/") for older
scripts that might assume the working dir = /.
I.e. when not invoking with --user we'd do the chdir("/"),
but then went ahead and fluffed the implementation.

Now on consideration it's probably best to not even key this change
on the --user option, and have a separate --chdir option?
I.e. since it's useful to maintain the current directory as seen
in the tests, we should be providing this functionality outside of tests also.

  chroot --user=$NON_ROOT_USERNAME --chdir=. / cp -p c c2

Now the syntax is getting a bit awkward for this use case,
though not too onerous I think since it gives a little extra functionality.

thanks,
Pádraig.
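
The behaviour proposed in the message above, modelled in C as an added example that is not part of the original message or of the coreutils source: chroot(2) is skipped for "/" and its synonyms, and the working directory becomes "/" unless the proposed --chdir option is given. The names `chroot_plan`, `is_root_dir` and `plan_chroot` are hypothetical, and refusing --chdir when the root really changes is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

/* All names are hypothetical; this models the proposal, not coreutils source. */
struct chroot_plan {
    bool call_chroot;      /* invoke chroot(2) on newroot? */
    const char *chdir_to;  /* directory to chdir(2) into afterwards */
};

/* True when dir is "/" or a synonym such as "/." or "/../". Comparing
   device and inode numbers catches spellings a string compare would miss. */
static bool is_root_dir(const char *dir)
{
    struct stat root, arg;

    if (stat("/", &root) != 0 || stat(dir, &arg) != 0)
        return false;  /* cannot tell: treat as a real chroot target */
    return root.st_dev == arg.st_dev && root.st_ino == arg.st_ino;
}

/* chdir_opt is the value of the proposed --chdir option, NULL when absent.
   Returns 0 and fills *plan, or -1 when the request is refused. */
static int plan_chroot(const char *newroot, const char *chdir_opt,
                       struct chroot_plan *plan)
{
    plan->call_chroot = !is_root_dir(newroot);
    plan->chdir_to = "/";  /* default: older scripts assume cwd == / */

    if (chdir_opt == NULL)
        return 0;
    /* Assumption of this sketch: when the root really changes, --chdir is
       refused so the working directory always ends up inside the new root. */
    if (plan->call_chroot)
        return -1;
    plan->chdir_to = chdir_opt;  /* root unchanged, "." keeps the caller's cwd */
    return 0;
}

int main(int argc, char **argv)
{
    struct chroot_plan p;

    if (argc < 2 || plan_chroot(argv[1], argc > 2 ? argv[2] : NULL, &p) != 0)
        return 1;
    printf("chroot(2): %s, chdir(\"%s\")\n", p.call_chroot ? "yes" : "skipped", p.chdir_to);
    return 0;
}
```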
