Mock and consolehelper
Till Maas
opensource at till.name
Wed Dec 19 12:10:33 UTC 2007
On Wednesday 19 December 2007 08:19:33 Kevin Kofler wrote:
> I have noticed that mock in Rawhide has been changed to drop the SUID
> helper, instead consolehelper is used to run the entire mock as root. IMHO,
> this is a regression:
> * It now means you have to know the root password to run mock. Before, it
> was possible to give out mock access and only that simply by making the
> user a member of the mockbuild group. Now the only way to do that is to
> allow running all of mock as root, which probably opens up several ways to
> get full root access from there.
Older versions of mock already allow every user that is allowed to run it,
i.e. is in the mockbuild group, to get root access:
$ mock shell
init
mock-chroot> chmod u+s /bin/bash
mock-chroot> exit
exit
ending
done
$ /var/lib/mock/fedora-7-i386/root/bin/bash -p
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20071219/00cad2af/attachment.sig>
More information about the fedora-devel-list
mailing list