[PATCH koji] added koji-helper setuid program

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Mon Sep 17 16:52:24 UTC 2007


Mike McLean <mikem at redhat.com> writes:

>> This patch adds a 'koji-helper' setuid program which implements the
>> following methods:
>
>> Methods above are implemented to replace the python 'safe_rmtree()' method
>> which was never safe, nor will work when 'kojid' is running as non-root.
>
> It all depends on what you mean by safe

Definitively not the racy

| find ... | xargs rm

...


> The safe_rmtree function protects against the destruction of stray
> mounts underneath the buildroot. This is a serious risk, though perhaps
> some folks will not appreciate how serious until they are debugging a
> buildroot, add a mount, and accidentally delete its contents when the
> buildroot is cleaned.
>
> Your patch seems to remove this protection.

no; it does not cross filesystem borders.


> I designed kojid to run as root, and I don't see that as a problem. Many
> daemons run as root and kojid has more need of it than most.

What are these needs? 'kojid' runs perfectly as non-root.


> I do not like the old mock security model and I consider it flawed. I
> have no desire to emulate it in koji.

Yes; mock's helper binary is full of races and broken constraints :(



Enrico
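
The two properties argued over in this thread (no `find ... | xargs rm` style race, no crossing of filesystem borders), as an added Python example that is not part of the original message and is not code from the koji-helper patch. The names `clear_dir` and `rmtree_onefs` are hypothetical, and it assumes Linux, where `os.listdir` accepts a directory descriptor.

```python
import os
import stat

def clear_dir(dirfd, root_dev, skipped, prefix=""):
    """Empty the directory open at dirfd without leaving root_dev's filesystem."""
    for name in os.listdir(dirfd):
        st = os.lstat(name, dir_fd=dirfd)
        if not stat.S_ISDIR(st.st_mode):
            os.unlink(name, dir_fd=dirfd)  # a symlink is removed, never followed
            continue
        if st.st_dev != root_dev:  # another filesystem is mounted here
            skipped.append(prefix + name)
            continue
        # O_NOFOLLOW makes open fail if the entry became a symlink after lstat
        fd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                     dir_fd=dirfd)
        try:
            now = os.fstat(fd)
            if (now.st_dev, now.st_ino) != (st.st_dev, st.st_ino):
                skipped.append(prefix + name)  # replaced between lstat and open
                continue
            before = len(skipped)
            clear_dir(fd, root_dev, skipped, prefix + name + "/")
        finally:
            os.close(fd)
        if len(skipped) == before:
            os.rmdir(name, dir_fd=dirfd)  # empty now; nothing was left below


def rmtree_onefs(path):
    """Remove path recursively; return the relative paths left in place."""
    skipped = []
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        clear_dir(fd, os.fstat(fd).st_dev, skipped)
    finally:
        os.close(fd)
    if not skipped:
        os.rmdir(path)
    return skipped
```

Every operation is relative to an already opened directory descriptor, so a path component swapped after it was checked cannot redirect the deletion. A bind mount taken from the same filesystem has the same `st_dev` and is not detected by this check.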