summaryrefslogtreecommitdiff
path: root/doc/todo
diff options
context:
space:
mode:
authorJoey Hess2016-11-20 13:22:53 -0400
committerJoey Hess2016-11-20 13:22:53 -0400
commit42fafdc21313dff0e5d1972b457d5edcc589cfb0 (patch)
tree8f8966e009487ea07c3e78ab0110ad22e1d0ca0f /doc/todo
parentecdadab656528eec0b73b34ce9a43166677b4a09 (diff)
Debootstap: Fix too tight permissions lock down of debootstrapped chroots, which prevented non-root users from doing anything in the chroot.
Diffstat (limited to 'doc/todo')
-rw-r--r--doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn2
-rw-r--r--doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment23
2 files changed, 25 insertions, 0 deletions
diff --git a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
index d42d4f79..c4464d03 100644
--- a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
+++ b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot.mdwn
@@ -21,3 +21,5 @@ I can obtain the error manually as follows. My `/tmp` is not mounted `noexec`.
Cannot execute /bin/sh: Permission denied
--spwhitton
+
+> [[fixed|done]] --[[Joey]]
diff --git a/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment
new file mode 100644
index 00000000..89bb17f1
--- /dev/null
+++ b/doc/todo/userScriptProperty_fails_inside_a_debootstrapped_chroot/comment_1_75ae52da0638ff6ea1c04820091b89f3._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-11-20T16:55:25Z"
+ content="""
+This is due to `Debootstrap.built'` removing world read access from the
+chroot it creates.
+
+So, /tmp/sid/ is not accessible by spwhitton, and when su
+has switched id to spwhitton, it can't access anything inside the chroot.
+
+See commit f6afeb889f4b11418daac7825c1adb1df4ff145c for when this was
+added. I think that the risk of farming old security vulnerabilities from
+chroots is real, but this is not a good approach for a fix.
+
+(It would work to put the chroot in a parent
+directory that is itself not world readable, then the root directory inside the
+chroot would be world readable. But this would require relocating existing
+chroots. At least when chroots are used for systemd containers,
+/var/lib/container has appropriately locked down permissions anyway.)
+
+I'm reverting that commit, and adding some permissions fixup code.
+"""]]