On 28-02-2008 11:42:01 +0100, Michael Weiser wrote:
> On Wed, Feb 27, 2008 at 06:19:39PM -0600, Jeremy wrote:
>
> >> I'm afraid not, because when installing as user michael dosbin can't
> >> chown a file to root:amanda and chmod it 1750. I'd have to fix
> >> permissions manually all the time.
>
> > Support for service scripts or daemons that run as root is not currently
> > supported. See bug #196294 if you would like to contribute. The baselayout
> > version in prefix is really old and needs a lot of work.
>
> Since Mac OS X now consistently uses launchd, which is hugely different
> from sysvinit/inetd, I expected and accepted that. I'm looking for
> root-safeness.
>
> I'll have a go this evening at:
>
> - compiling as root and seeing if the resulting permissions are sensible
> - compiling as root and looking into preventing files outside of
> $EPREFIX being overwritten

Prefix does a "best effort" approach on platforms where sandbox does
not run (almost all, since on Linux it isn't too groovy either). This
means that if the package does not install anything outside of DESTDIR,
then the files are checked to be installed inside ${EPREFIX}. I think
everyone with commit access to the tree compiles/installs the packages
as a non-root user, meaning that if a package installs outside DESTROOT
they should have caught that by permission denied errors. That said, I
think the tree is safe in that regard. I can't tell anything about
other overlays though.

There is a Google Summer of Code idea out to have sandbox be ported to
more OSes, with Darwin one of them. Maybe someone is interested in
doing that; it would be a great thing to have, IMO.

> I realised that fink doesn't do the second part either, so it's not that
> much of a showstopper if prefix-portage doesn't do it. But it'd sure be
> nice to have.
>
> I also realised that sandbox might be Linux-specific and therefore take
> a lot of effort to port to Mac OS X. A first step might be for emerge to
> refuse placing files outside of $EPREFIX. This wouldn't catch broken
> make install scripts overwriting /bin/bash but would catch broken
> ebuilds compiling for /bin/bash instead of $EPREFIX/bin/bash.

I don't understand how this catches these cases you describe last. For
that I actually found only one solution: install Prefix on vanilla
FreeBSD. When I did that I fixed several problems we overlooked where
/bin/bash or /usr/bin/perl was used. (FreeBSD doesn't come with
either.)

> How might FEATURES="userpriv" help here, d'you think?

I have no clue.

The biggest problem you're going to run into is that in "root-mode"
(privileged), Prefix will currently act as if it is "unprivileged", so
it doesn't create any users, or chmod to any users other than the running
user itself.
This is a known limitation, that we obviously look for a solution for.
Another Google Summer of Code project?


--
Fabian Groffen
Gentoo on a different level
--
gentoo-alt@l.g.o mailing list
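The two checks the thread circles around (does everything in the DESTDIR image land under ${EPREFIX}, and do installed scripts hardcode a host interpreter such as /bin/bash or /usr/bin/perl instead of the one under $EPREFIX) can both be done as a best-effort post-install scan of the image, without sandbox. The script below is an added example written for this page; it is not Prefix Portage's own code. It assumes the package has already been installed into a DESTDIR image (the directory tree emerge merges from), that EPREFIX is an absolute path (the sample uses /Users/michael/gentoo, a made-up value), and that /bin/sh may be taken as present on every host; the sample image it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Best-effort "stays inside EPREFIX" checks for a Prefix install image.
# Added example for this thread, not Prefix Portage code.  Assumes the
# package is already installed into a DESTDIR image and EPREFIX is absolute.

# List files and symlinks in IMAGE whose final path (image-relative) does
# not start with EPREFIX/.  Returns 0 if everything is inside the prefix,
# 1 otherwise (offenders are printed to stderr).
check_image_in_prefix() {
    image=$1; eprefix=$2
    # sed strips the leading "." so each line is the absolute path on the host;
    # awk keeps only lines that do not begin with "EPREFIX/" (exact prefix, not regex).
    violations=$(cd "$image" && find . \( -type f -o -type l \) |
        sed 's|^\.||' | awk -v p="$eprefix/" 'index($0, p) != 1')
    [ -z "$violations" ] && return 0
    printf 'would be installed outside %s:\n%s\n' "$eprefix" "$violations" >&2
    return 1
}

# Scan regular files in IMAGE for a "#!" line naming an interpreter outside
# EPREFIX (e.g. /bin/bash, /usr/bin/perl).  /bin/sh is accepted on the
# assumption that every host has it.  Returns 0 if clean, 1 otherwise.
check_shebangs() {
    image=$1; eprefix=$2
    violations=$(cd "$image" && find . -type f | while IFS= read -r f; do
        interp=$(head -n 1 "$f" | sed -n 's|^#![ ]*\([^ ]*\).*|\1|p')
        [ -z "$interp" ] && continue          # not a script, or no shebang
        case "$interp" in
            "$eprefix"/*) ;;                  # interpreter lives in the prefix
            /bin/sh) ;;                       # assumed present on every host
            *) echo "${f#.}: $interp" ;;      # hardcoded host interpreter
        esac
    done)
    [ -z "$violations" ] && return 0
    printf 'hardcoded host interpreter:\n%s\n' "$violations" >&2
    return 1
}

# Build a constructed sample image: one good script under EPREFIX, one
# script with a hardcoded /bin/bash shebang, and one file escaping the
# prefix into /usr/local.  Prints the image directory.
make_sample_image() {
    eprefix=$1
    image=$(mktemp -d)
    mkdir -p "$image$eprefix/bin" "$image/usr/local/bin"
    printf '#!%s/bin/bash\necho ok\n' "$eprefix" > "$image$eprefix/bin/good.sh"
    printf '#!/bin/bash\necho oops\n' > "$image$eprefix/bin/bad-shebang.sh"
    printf 'escaped\n' > "$image/usr/local/bin/escaped"
    echo "$image"
}

# Demo run on the constructed image (EPREFIX value is a made-up example).
EPREFIX=${EPREFIX:-/Users/michael/gentoo}
IMG=$(make_sample_image "$EPREFIX")
check_image_in_prefix "$IMG" "$EPREFIX" || echo "image check: files escape EPREFIX"
check_shebangs "$IMG" "$EPREFIX" || echo "shebang check: host interpreters hardcoded"
rm -rf "$IMG"
```

Running the checks against the real image directory (the `D` an ebuild installs into) just before merge catches the "broken ebuild compiles for /bin/bash" case without any ptrace or LD_PRELOAD machinery; as the thread notes, it cannot catch a `make install` that writes to the live filesystem directly, which is what sandbox (or installing as a non-root user) is for.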