Discussion summary: Mock security

Mike McLean mike at redhat.com
Thu Jun 8 02:03:56 UTC 2006


Clark Williams wrote:
> Michael E Brown wrote:
>>On Wed, 2006-06-07 at 19:52 -0400, Mike McLean wrote:
>>>At the moment, mock runs as a mortal user and uses mockhelper to execute
>>>a limited number of shell commands as root. What I'd like to do is have
>>>mock-helper (possibly renamed) run mock.py (and only mock.py) as root,
>>>letting mock.py take actions directly without having to filter back
>>>through mockhelper.
>>
>>Ok, so this is the coolest proposed solution I have seen to this
>>problem. I like it a lot.
> 
> 
> How would we tell that the mock.py being run as root is the mock.py we
> all know and love (and not one defiled by some black hat)?

So mockhelper would continue to perform env sanitation, and I imagine it 
will have a hard-coded path for mock.py. I suppose if we're really 
paranoid we could store the sha1sum of mock.py at compile time and check 
it at runtime, but I think restricting to running mock.py from the 
standard location is sufficient.
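
An added sketch (not code from mock or mock-helper, and not from this thread) of the two checks the message above relies on: a hard-coded script path verified on the opened file descriptor, and an allow-list environment. The path in MOCK_PY, the kept variables and the function names are assumptions for illustration; the sha1sum check mentioned above is not shown.

```c
#define _GNU_SOURCE             /* O_NOFOLLOW, fexecve */
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MOCK_PY "/usr/libexec/mock/mock.py"   /* assumed install location */

/* Open path and return the fd only if it is a regular file (not a symlink),
 * owned by `owner`, and not writable by group or other; otherwise -1.
 * Checks use fstat() on the open fd, so the file checked is the file run. */
int open_trusted(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Variables passed through to the privileged script (assumed allow-list). */
static const char *const KEEP[] = { "LANG=", "TERM=", NULL };

/* Build a NULL-terminated environment: fixed PATH plus allow-listed entries.
 * Everything else (LD_PRELOAD, PYTHONPATH, caller's PATH, ...) is dropped. */
size_t clean_env(char *const envp[], const char *out[], size_t max)
{
    size_t n = 0;
    out[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (size_t i = 0; envp[i] && n + 1 < max; i++)
        for (size_t k = 0; KEEP[k]; k++)
            if (strncmp(envp[i], KEEP[k], strlen(KEEP[k])) == 0) {
                out[n++] = envp[i];
                break;
            }
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[], char *envp[])
{
    const char *env[8];
    int fd = open_trusted(MOCK_PY, 0);        /* must be root-owned */
    (void)argc;
    if (fd < 0)
        return 1;
    clean_env(envp, env, 8);
    fexecve(fd, argv, (char *const *)env);    /* exec the fd that was checked */
    return 1;
}
```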



