From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: Gary Thomas <gary@mlbassoc.com>
Cc: Yocto Project <yocto@yoctoproject.org>
Subject: Re: Change in 'devshell' behaviour
Date: Fri, 19 Apr 2013 16:03:20 +0100
Message-ID: <1366383800.10502.132.camel@ted>
In-Reply-To: <51715A12.60007@mlbassoc.com>

On Fri, 2013-04-19 at 08:52 -0600, Gary Thomas wrote:
> CAUTION!! giant security hole awaits!
> 
> I've just discovered that recent Poky/Yocto runs 'devshell' as ROOT!
> 
> If I run 'bitbake SOME-RECIPE -c devshell' with a somewhat older
> metadata (poky rev 09359e6ec00901abfe49157f1f9730117b4d284b)
> the shell is run using my user id.
> 
> With a newer poky rev 90b98764555945a186562ca8d501a9585ce2b23f,
> the shell runs as 'root'.
> 
> This change came with this revision:
> 
> commit 4dc31a327be1a506e78e1d028db08ceee22a216f
> Author: Richard Purdie <richard.purdie@linuxfoundation.org>
> Date:   Thu Mar 28 13:17:12 2013 +0000
> 
>      base.bbclass: When we use fakeroot, also use it for devshell
> 
>      It's generally useful for devshell to end up in the fakeroot environment. If
>      a user needs to exit it, PSEUDO_UNLOAD=1 <command> works; it's usually
>      harder to enter the environment.
> 
>      [YOCTO #3374]
> 
>      (From OE-Core rev: e6ffc747a8ca5142c9bc6fbd2b06b5808bb38b02)
> 
>      Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> 
> Isn't this a horrible security flaw?  Or is 'fakeroot' actually safe?
> The change description doesn't tell me why it's "useful".
> 
> Whatever the case, to me at least it's very unnerving...

I think the key word to look at here is "fake". You'll find you can't do
anything nasty to your system you couldn't do as your normal user
account and this is purely emulation.

This "root" context is the one do_install, do_populate_sysroot and other
tasks run under so that we can give files owners and permissions in the
packages. We chose to give it more visibility since it's actually useful
for debugging several types of problems. For example, you can look
around the rootfs from the rootfs task and see real users as it would
get tarballed up.

You can get your normal shell back with "PSEUDO_UNLOAD=1 bash", which is
much easier than trying to get into the pseudo context in the first
place.

So please rest assured there is no security issue here.

Cheers,

Richard
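
The reply above rests on one mechanism: pseudo (like fakeroot) is an LD_PRELOAD library that interposes the libc wrappers a build step calls, so getuid() reports 0 and chown() "succeeds" while the faked ownership is only recorded in pseudo's own database; the kernel never grants the process any privilege and still enforces permissions against the real uid. The following is an added example, not code from this thread, from pseudo or from fakeroot, that models that technique in a single self-contained program. For the sake of running stand-alone the wrappers are defined in the executable itself rather than in a preloaded shared object, an in-memory table (fake_db) stands in for pseudo's database, and real_uid, fake_owner_of, kernel_owner_of and demo are hypothetical helper names chosen here:

```c
/* Toy model of the LD_PRELOAD-style interposition used by pseudo/fakeroot.
 * Added example, not pseudo's own code. Inside the emulation the process
 * *appears* to be root (getuid()/geteuid() return 0, chown() returns 0),
 * but the kernel is never asked to change ownership: the faked owner lives
 * only in fake_db, and the real inode keeps the unprivileged user's uid. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#define MAX_ENTRIES 64

/* Hypothetical in-memory stand-in for pseudo's on-disk metadata database. */
struct fake_entry { char path[256]; uid_t uid; gid_t gid; int used; };
static struct fake_entry fake_db[MAX_ENTRIES];

/* Real credentials, fetched via the raw syscall so our wrappers are bypassed. */
uid_t real_uid(void) { return (uid_t)syscall(SYS_getuid); }

/* Interposed wrappers: inside the emulation everything looks like root. */
uid_t getuid(void)  { return 0; }
uid_t geteuid(void) { return 0; }

static struct fake_entry *find_entry(const char *path) {
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (fake_db[i].used && strcmp(fake_db[i].path, path) == 0)
            return &fake_db[i];
    return NULL;
}

/* Interposed chown(): record the requested owner, never touch the kernel.
 * Errors the real call would report (missing file) are still reported. */
int chown(const char *path, uid_t uid, gid_t gid) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;           /* errno set by real stat() */
    struct fake_entry *e = find_entry(path);
    if (e == NULL) {
        if (strlen(path) >= sizeof e->path) { errno = ENAMETOOLONG; return -1; }
        for (int i = 0; i < MAX_ENTRIES && e == NULL; i++)
            if (!fake_db[i].used) e = &fake_db[i];
        if (e == NULL) { errno = ENOMEM; return -1; }
        snprintf(e->path, sizeof e->path, "%s", path);
        e->used = 1;
    }
    e->uid = uid;
    e->gid = gid;
    return 0;
}

/* Owner as the emulation reports it (what pseudo feeds back into stat()). */
uid_t fake_owner_of(const char *path) {
    struct stat st;
    struct fake_entry *e = find_entry(path);
    if (e != NULL) return e->uid;
    if (stat(path, &st) == 0) return st.st_uid;
    return (uid_t)-1;
}

/* Owner as the kernel actually has it on disk. */
uid_t kernel_owner_of(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return (uid_t)-1;
    return st.st_uid;
}

/* Create a temp file as the real user and "chown" it to root:root inside the emulation. */
int demo(char *path_out, size_t n) {
    char tmpl[] = "/tmp/pseudo-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    close(fd);
    snprintf(path_out, n, "%s", tmpl);
    return chown(tmpl, 0, 0);
}

int main(void) {
    char path[256];
    if (demo(path, sizeof path) != 0) { perror("demo"); return 1; }
    printf("inside the emulation: getuid()=%u, owner of %s = %u\n",
           (unsigned)getuid(), path, (unsigned)fake_owner_of(path));
    printf("what the kernel sees:  uid=%u, owner of %s = %u\n",
           (unsigned)real_uid(), path, (unsigned)kernel_owner_of(path));
    unlink(path);
    return 0;
}
```

Build it with an ordinary `cc` invocation and run it as a normal user: the first line reports uid 0 and a root-owned file, the second shows the kernel still sees your own uid on the inode. That gap is exactly why the devshell "root" cannot touch anything your account could not; it is also what `PSEUDO_UNLOAD=1 bash` removes, by starting a shell without the preloaded library so the wrappers are libc's real ones again.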
