Gentoo Archives: gentoo-amd64

From: Alex Alexander <wired@g.o>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] Secure chroot (was: Re: Wine with no-multilib on AMD64)
Date: Tue, 16 Mar 2010 14:04:37
Message-Id: 20100316134819.GB14328@fury.skynet
In Reply to: [gentoo-amd64] Secure chroot (was: Re: Wine with no-multilib on AMD64) by "Sebastian Beßler"
On Tue, Mar 16, 2010 at 01:27:46PM +0100, Sebastian Beßler wrote:
> On Tuesday, 16 March 2010 12:22:56, Alex Alexander wrote:
> > On Tue, Mar 16, 2010 at 10:23:06AM +0100, Sebastian Beßler wrote:
> > > On 16.03.2010 02:56, Duncan wrote:
> > > > I posted the link to the guide in the doomsday thread pretty much
> > > > concurrently to the discussion here, but for convenience, here's the
> > > > link:
> > > >
> > > > http://www.gentoo.org/proj/en/base/amd64/howtos/index.xml?part=1&chap=2
> > >
> > > What I don't like with this guide is that you have to be root to chroot
> > > into and run the applications as root inside of the chroot.
> >
> > You don't need to be root in the chroot to run applications. Just create
> > a user in the chroot and switch:
> >
> > su - youruser
>
> That is not really a solution, because all it needs to be root again is a
> simple exit. And chroot-root can break out of the chroot without a problem.
>
> And you still need to be root to enter the chroot, so you must always type in
> your root password to start a simple app, even if you drop root inside the
> chroot. So this is nothing more than a really fragile hack, to me at least.
>
> Greetings
>
> Sebastian

I have a script that runs su - wired and I run that instead of /bin/bash
(in my chroot script after all the necessary mounting, of course)

sudo chroot my_chroot /usr/local/bin/init_chroot_wired

that script ends with an "exit"

### /usr/local/bin/init_chroot_wired in my chroot ###

#!/bin/bash
env-update
source /etc/profile
su - wired
exit

so when I exit the chroot it dies instead of dropping me to the root
chroot shell.

--
Alex Alexander :: wired
Gentoo Developer
www.linuxized.com
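The wrapper Alex describes, written out end to end as an added example (this is not the poster's script or anything from the Gentoo guide). It does the host-side mounting, enters the chroot as root only long enough to refresh the environment, then exec's the unprivileged user's login shell in place of the root shell, so leaving it ends the chroot session with no root prompt left behind. It also adds two checks a practitioner would want: it refuses a world-writable chroot root (the root-run entry step trusts files under it), and it does not stack a second copy of each mount when the chroot is entered again. The directory /mnt/chroot32, the user name wired and the script name enter_chroot.sh are assumed for illustration.

```shell
#!/bin/bash
# Added example (not the list poster's scripts): set up a chroot's mounts,
# enter it, and hand the session to an unprivileged user via exec so that
# "exit" terminates the chroot instead of returning to a root shell.
# Assumed names: chroot root /mnt/chroot32 and user wired (command-line args).
set -euo pipefail

# True when $1 is currently a mount point, according to /proc/self/mounts.
mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' /proc/self/mounts
}

# Refuse a chroot root that is missing or world-writable: env-update and
# /etc/profile run as root at entry and trust whatever sits under it.
chroot_dir_ok() {
    local dir="$1" mode
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir")             # GNU/busybox stat, octal mode bits
    [ $(( 8#$mode & 2 )) -eq 0 ]            # other-write bit must be clear
}

# Bind-mount once; entering the chroot a second time must not stack mounts.
bind_once() {
    local src="$1" dst="$2"
    mounted "$dst" || mount --bind "$src" "$dst"
}

# Only the pseudo-filesystems the chroot needs; every extra mount is more
# host state reachable from inside.
setup_mounts() {
    local root="$1"
    mounted "$root/proc" || mount -t proc  proc  "$root/proc"
    mounted "$root/sys"  || mount -t sysfs sysfs "$root/sys"
    bind_once /dev     "$root/dev"
    bind_once /dev/pts "$root/dev/pts"
    bind_once /tmp     "$root/tmp"
}

# Root is used only to refresh the environment inside the chroot; exec then
# replaces that root bash with the user's login shell, so nothing remains to
# "exit" back into. $0 of the inner shell is set to chroot-init, $1 to the user.
enter_chroot() {
    local root="$1" user="$2"
    chroot "$root" /bin/bash -c \
        'env-update; . /etc/profile; exec su - "$1"' chroot-init "$user"
}

main() {
    local root="${1:-/mnt/chroot32}" user="${2:-wired}"
    [ "$(id -u)" -eq 0 ] || { echo "run this via sudo" >&2; return 1; }
    chroot_dir_ok "$root" || { echo "refusing unsafe chroot root: $root" >&2; return 1; }
    setup_mounts "$root"
    enter_chroot "$root" "$user"
}

# Usage: sudo ./enter_chroot.sh enter /mnt/chroot32 wired
# Without the "enter" subcommand nothing runs, so the file can also be sourced.
case "${1:-}" in
    enter) shift; main "$@" ;;
esac
```

Sebastian's second objection, that entering still needs the root password, is not removed by this; it can only be narrowed on the host side by letting sudo run this one script without a password, which is a sudoers decision outside the script itself.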