Mailinglist Archive: opensuse-buildservice (166 mails)

< Previous Next >
Re: [opensuse-buildservice] run commands from spec file as root
On Mittwoch, 14. Mai 2014, 23:18:48 wrote Roman Neuhauser:
# mail@xxxxxxxxxxxxxxxxxxx / 2014-05-14 22:51:56 +0200:
On 05/14/2014 10:33 PM, Marcus Meissner wrote:
We tried very hard not to run stuff as root over years, making
it too easy now to revert this, is probably bad.

That's exactly why I don't like a hack but an all-accepted
solution. E.g. a whitelist of complete command line strings
which are permitted to run as root in an OBS chroot. And a
macro %sudo which checks the given command against the whitelist
before chaning to root. By that, the security and quality team
would have fine-grained control over what is permitted.

E.g. for coreutils-testsuite, only the command string
'env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root'
would need to be added. The spec file could define it like
%sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
and that macro could verify that exactly that string is permitted.

limiting the privileged commandline to an invocation of a third-party
program does little to improve security. perhaps if the root mode could
be limited to vm builds (no chroots)?

It is not about security. It is to avoid that we get unclean src.rpms in
first place.

We improved there a lot, in old times we had plenty of src.rpms which
were modifying the users system when you build it.

--

Adrian Schroeter
email: adrian@xxxxxxx

SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284
(AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany



--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups