From 42fafdc21313dff0e5d1972b457d5edcc589cfb0 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 20 Nov 2016 13:22:53 -0400
Subject: Debootstap: Fix too tight permissions lock down of debootstrapped chroots, which prevented non-root users from doing anything in the chroot.
---
 src/Propellor/Property/Debootstrap.hs | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
(limited to 'src/Propellor/Property/Debootstrap.hs')
diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs
index f9737cac..f8cb6e0e 100644
--- a/src/Propellor/Property/Debootstrap.hs
+++ b/src/Propellor/Property/Debootstrap.hs
@@ -51,18 +51,15 @@ built :: FilePath -> System -> DebootstrapConfig -> Property Linux
 built target system config = built' (setupRevertableProperty installed) target system config

 built' :: Property Linux -> FilePath -> System -> DebootstrapConfig -> Property Linux
-built' installprop target system@(System _ arch) config =
- check (unpopulated target <||> ispartial) setupprop
- `requires` installprop
+built' installprop target system@(System _ arch) config =
+ go `before` oldpermfix
 where
+ go = check (unpopulated target <||> ispartial) setupprop
+ `requires` installprop
+
 setupprop :: Property Linux
 setupprop = property ("debootstrapped " ++ target) $ liftIO $ do
 createDirectoryIfMissing True target
- -- Don't allow non-root users to see inside the chroot,
- -- since doing so can allow them to do various attacks
- -- including hard link farming suid programs for later
- -- exploitation.
- modifyFileMode target (removeModes [otherReadMode, otherExecuteMode, otherWriteMode])
 suite <- case extractSuite system of
 Nothing -> errorMessage $ "don't know how to debootstrap " ++ show system
 Just s -> pure s
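Review bot: The removed comment in `setupprop` described a real risk (host users hard-link farming suid programs inside the chroot), and the new code drops both the mitigation and any record of it. The chroot root now has to stay traversable for users inside it, so the protection has to come from somewhere else. That deserves a comment after `createDirectoryIfMissing True target`, for example `-- target keeps its default mode so users inside the chroot can work; to keep host users away from its suid binaries, place target under a root-only parent directory`. Nothing visible in this hunk checks the mode of the parent of `target`, so whether callers already do this should be confirmed. The `do` block of `setupprop` continues past the end of the hunk.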
@@ -86,6 +83,15 @@ built' installprop target system@(System _ arch) config =
 return True
 , return False
 )
+
+ -- May want to remove this after some appropriate length of time,
+ -- as it's a workaround for chroots set up with too tight
+ -- permissions.
+ oldpermfix :: Property Linux
+ oldpermfix = property ("fixed old chroot file mode") $ do
+ liftIO $ modifyFileMode target $
+ addModes [otherReadMode, otherExecuteMode]
+ return NoChange

 extractSuite :: System -> Maybe String
 extractSuite (System (Debian _ s) _) = Just $ Apt.showSuite s
-- cgit v1.2.3
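Review bot: `oldpermfix` re-adds `otherReadMode` and `otherExecuteMode` to `target` on every run and always returns `NoChange`, so a chroot that an administrator deliberately closed to other users is reopened without anything showing in the run's output. Reading the current mode first and reporting `MadeChange` only when it actually differs would make the widening visible and keep the workaround a no-op on chroots that are already fine. The sketch below assumes `addModes` is a plain `FileMode -> FileMode` function (its use with `modifyFileMode` suggests so) and that `getFileStatus`, `fileMode` and `setFileMode` are in scope in this module. The comment could also say which releases created the tight mode, so it is clear when the workaround can be dropped. `oldpermfix` lives in the `where` clause of `built'`, which starts before this hunk.

```haskell
	oldpermfix :: Property Linux
	oldpermfix = property "fixed old chroot file mode" $ liftIO $ do
		oldmode <- fileMode <$> getFileStatus target
		let newmode = addModes [otherReadMode, otherExecuteMode] oldmode
		-- Only touch the directory, and only report a change,
		-- when the mode really has to be widened.
		if newmode == oldmode
			then return NoChange
			else do
				setFileMode target newmode
				return MadeChange
```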