On Thu, May 15, 2014 at 3:26 AM, Adrian Schröter <adrian@suse.de> wrote:
> On Wednesday, 14 May 2014, 23:18:48, Roman Neuhauser wrote:
> > # mail@bernhard-voelker.de / 2014-05-14 22:51:56 +0200:
> > > On 05/14/2014 10:33 PM, Marcus Meissner wrote:
> > > > We tried very hard not to run stuff as root over the years; making it too easy now to revert this is probably bad.
> > > That's exactly why I don't like a hack but an all-accepted solution. E.g. a whitelist of complete command line strings which are permitted to run as root in an OBS chroot, and a macro %sudo which checks the given command against the whitelist before changing to root. By that, the security and quality team would have fine-grained control over what is permitted.
> > > E.g. for coreutils-testsuite, only the command string 'env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root' would need to be added. The spec file could define it like %sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root and that macro could verify that exactly that string is permitted.
> > Limiting the privileged command line to an invocation of a third-party program does little to improve security. Perhaps if the root mode could be limited to VM builds (no chroots)?
> It is not about security. It is to avoid us getting unclean src.rpms in the first place.
> We improved there a lot; in old times we had plenty of src.rpms which were modifying the user's system when you built them.
I've heard the security argument several times on the list, though.