Mock and consolehelper
Tomas Mraz
tmraz at redhat.com
Wed Dec 19 08:25:20 UTC 2007
On Wed, 2007-12-19 at 07:19 +0000, Kevin Kofler wrote:
> I have noticed that mock in Rawhide has been changed to drop the SUID helper,
> instead consolehelper is used to run the entire mock as root. IMHO, this is a
> regression:
> * It now means you have to know the root password to run mock. Before, it was
> possible to give out mock access and only that simply by making the user a
> member of the mockbuild group. Now the only way to do that is to allow running
> all of mock as root, which probably opens up several ways to get full root
> access from there.
You can configure access to mock through the /etc/pam.d/mock file, and it
should currently already allow non-interactive use by users in group
mock. There is:

    auth sufficient pam_rootok.so
    auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet

> * It means mock has to be run interactively. What are the implications of this
> on the builders? Will they have to install all of mock SUID root, or set up
> consolehelper in a way which effectively does the same?
> * It reduces security, as instead of a small helper doing only a few controlled
> operations, you now run all of mock as root. Sure, it's Python, so buffer
> overflows probably can't happen, but still, trigger any bug in mock with a
> trojaned SRPM and you have root.
mock could still drop privileges - change to mock user or whatever as
soon as it doesn't need to be root anymore.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
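
The PAM stack quoted in the message decides who can have mock run as root without typing a password. The following is an added example, not code from the original message or from mock, that audits a consolehelper service file for such password-free auth paths; the function names and the sample file's `include system-auth` line are assumptions.

```python
# Modules that decide without prompting for a secret.
NO_PROMPT = {"pam_rootok.so", "pam_succeed_if.so", "pam_permit.so"}
# pam_succeed_if option words; every other argument is part of the condition.
FLAGS = {"use_uid", "quiet", "quiet_fail", "quiet_success", "debug", "audit"}

# Constructed sample: the two auth lines quoted in the message; the final
# "include" line is an assumed password fallback, not taken from the message.
SAMPLE_PAM_MOCK = """\
#%PAM-1.0
auth  sufficient  pam_rootok.so
auth  sufficient  pam_succeed_if.so user ingroup mock use_uid quiet
auth  include     system-auth
"""

def parse_auth_stack(text):
    """Return (control, module, args) for each auth line, in file order."""
    stack = []
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        end = 1
        if fields[1].startswith("["):  # [value=action ...] control spans tokens
            end = next((i for i in range(1, len(fields))
                        if fields[i].endswith("]")), 1)
        if end + 1 < len(fields):
            module = fields[end + 1].rsplit("/", 1)[-1]
            stack.append((" ".join(fields[1:end + 1]), module, fields[end + 2:]))
    return stack

def passwordless_paths(text):
    """Sufficient auth lines reached before any line that may ask for a secret."""
    findings = []
    for control, module, args in parse_auth_stack(text):
        if control == "optional":
            continue
        if control != "sufficient" or module not in NO_PROMPT:
            break  # from here on a credential may be demanded
        findings.append({"module": module, "use_uid": "use_uid" in args,
                         "condition": " ".join(a for a in args if a not in FLAGS)})
    return findings

def groups_granted(text):
    """Groups whose members pass auth with no password via pam_succeed_if."""
    conds = [f["condition"].split() for f in passwordless_paths(text)
             if f["module"] == "pam_succeed_if.so"]
    return {c[2] for c in conds if len(c) == 3 and c[:2] == ["user", "ingroup"]}
```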