[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#18062: [PATCH] chroot: always change to / if not changing credential
From: |
Pádraig Brady |
Subject: |
bug#18062: [PATCH] chroot: always change to / if not changing credentials |
Date: |
Thu, 31 Jul 2014 10:56:15 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 07/31/2014 08:19 AM, Bernhard Voelker wrote:
> On 07/27/2014 10:32 PM, Pádraig Brady wrote:
>> Drats. This change was initially discussed at:
>> http://lists.gnu.org/archive/html/coreutils/2014-05/msg00033.html
>> There I noted that we'd want to keep doing the chdir("/") for older
>> scripts that might assume the working dir = /.
>> I.E. when not invoking with --user we'd do the chdir("/"),
>> but then went ahead and fluffed the implementation.
>
> At that point I wasn't that clear about the separation of the 3 tasks
> in chroot(1): a) chroot(2), b) chdir(2), and c) finding/setting uid/gid
> inside and outside the jail. At least a) and b) got obviously a bit
> mixed during the discussion.
>
>> Now on consideration it's probably best to not even key this change
>> on the --user option, and have a separate --chdir option?
>
> As there is such a patch out now since more than a week:
> http://lists.gnu.org/archive/html/bug-coreutils/2014-07/msg00083.html
> would anyone comment on it?
>
> Well, I took the way to add an internal "---skip-chdir" option,
> but we can turn it into a publicly-visible "--skip-chdir" easily
> if desired
I'm leaning towards that.
> - although I don't see how such a probably-shoot-yourself-
> in-the-foot option would help in real-world scripts. I think it'd
> be clearer in such scripts to explicitly "cd" into the previous
> directory.
It might not always be run from a script,
and so would be awkward to go back to the current dir.
--skip-chdir is explicit so I don't really see the danger.
We could restrict the --skip-chdir functionality to when the
specified root dir = current root dir.
> Another idea was to re-introduce a 'setuidgid' tool built from
> chroot.c without the chdir("/"), but that seemed even more awkward
> than the ---skip-chdir solution.
There are various tools already available for this (previously itemized
on this list) so I don't think it warrants another separate tool.
Given the small extension to existing chroot(1) functionality,
I thought it was worth chroot having full support for this.
cheers,
Pádraig.
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Andreas Schwab, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Andreas Schwab, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Andreas Schwab, 2014/07/20
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/21
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/22
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Pádraig Brady, 2014/07/27
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/31
- bug#18062: [PATCH] chroot: always change to / if not changing credentials,
Pádraig Brady <=
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/31
- bug#18062: [PATCH] chroot: always change to / if not changing credentials, Bernhard Voelker, 2014/07/31