| 1 |
On 28-02-2008 11:42:01 +0100, Michael Weiser wrote: |
| 2 |
> On Wed, Feb 27, 2008 at 06:19:39PM -0600, Jeremy wrote: |
| 3 |
> |
| 4 |
> >> I'm afraid not, because when installing as user michael dosbin can't |
| 5 |
> >> chown a file to root:amanda and chmod it 1750. I'd have to fix |
| 6 |
> >> permissions manually all the time. |
| 7 |
> |
| 8 |
> > Support for serveice scripts or daemons that run as root are not currently |
| 9 |
> > supported. See bug #196294 if you would like to contribute. the baselayout |
| 10 |
> > version in prefix is really old and needs alot of work. |
| 11 |
> |
| 12 |
> Since Mac OS X now consistently uses launchd, which is hugely different |
| 13 |
> from sysvinit/inetd, I expected and accepted that. I'm looking for |
| 14 |
> root-safeness. |
| 15 |
> |
| 16 |
> I'll have a go this evening at: |
| 17 |
> |
| 18 |
> - compiling as root and seeing if the resulting permissions are sensible |
| 19 |
> - compiling as root and looking into preventing files outside of |
| 20 |
> $EPREFIX being overwritten |
| 21 |
|
| 22 |
Prefix does an "best effort" approach on platforms where sandbox does |
| 23 |
not run (almost all, since on Linux it isn't too groovy either). This |
| 24 |
means that if the package does not install anything outside of DESTDIR, |
| 25 |
then the files are checked to be installed inside ${EPREFIX}. I think |
| 26 |
everyone with commit access to the tree compiles/installs the packages |
| 27 |
as non-root user, meaning that if a package installs outside DESTROOT |
| 28 |
they should have catched that by permission denied errors. That said, I |
| 29 |
think the tree is safe in that regard. I can't tell anything about |
| 30 |
other overlays though. |
| 31 |
|
| 32 |
There is a Google Summer of Code idea out to have sandbox be ported to |
| 33 |
more OSes, with Darwin one of them. Maybe someone is interested in |
| 34 |
doing that, it would be a great thing to have, IMO. |
| 35 |
|
| 36 |
> I realised that fink doesn't do the second part either, so it's not that |
| 37 |
> much of a showstopper if prefix-portage doesn't do it. But it'd sure be |
| 38 |
> nice to have. |
| 39 |
> |
| 40 |
> I also realised that sandbox might be Linux-specific and therefore take |
| 41 |
> a lot of effort to port to Mac OS X. A first step might be for emerge to |
| 42 |
> refuse placing files outside of $EPREFIX. This wouldn't catch broken |
| 43 |
> make install scripts overwriting /bin/bash but would catch broken |
| 44 |
> ebuilds compiling for /bin/bash instead of $EPREFIX/bin/bash. |
| 45 |
|
| 46 |
I don't understand how this catches these cases you describe last. For |
| 47 |
that I actually found only one solution: install Prefix on vanilla |
| 48 |
FreeBSD. When I did that I fixed several problems we overlooked where |
| 49 |
/bin/bash, or /usr/bin/perl was used. (FreeBSD doesn't come with |
| 50 |
either.) |
| 51 |
|
| 52 |
> How might FEATURES="userpriv" help here, d'you think? |
| 53 |
|
| 54 |
I have no clue. |
| 55 |
|
| 56 |
The biggest problem you're going to run into is that in "root-mode" |
| 57 |
(privileged), Prefix will currently act as if it is "unprivileged", so |
| 58 |
don't create any users, or chmod to any users other than the running |
| 59 |
user itself. |
| 60 |
This is a known limitation, that we obviously look for a solution for. |
| 61 |
Another Google Summer of Code project? |
| 62 |
|
| 63 |
|
| 64 |
-- |
| 65 |
Fabian Groffen |
| 66 |
Gentoo on a different level |
| 67 |
-- |
| 68 |
gentoo-alt@l.g.o mailing list |
Archives