# mail@bernhard-voelker.de / 2014-05-14 22:51:56 +0200:
> On 05/14/2014 10:33 PM, Marcus Meissner wrote:
> > We tried very hard not to run stuff as root over years, making it too easy now to revert this, is probably bad.
>
> That's exactly why I don't like a hack but an all-accepted solution. E.g. a whitelist of complete command line strings which are permitted to run as root in an OBS chroot. And a macro %sudo which checks the given command against the whitelist before changing to root. By that, the security and quality team would have fine-grained control over what is permitted.
>
> E.g. for coreutils-testsuite, only the command string 'env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root' would need to be added. The spec file could define it like
>
>     %sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
>
> and that macro could verify that exactly that string is permitted.

limiting the privileged commandline to an invocation of a third-party program does little to improve security. perhaps if the root mode could be limited to vm builds (no chroots)?

--
roman
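
The exact-string check proposed in the quoted message, sketched as an added example (not code from the thread or from OBS); the allowlist file, its one-entry-per-line format and the function name `sudo_permitted` are assumptions. It constrains only the unexpanded command string: what the `check-root` target then executes is decided by the package's Makefile, which is the limitation the reply points out.

```shell
#!/bin/sh
# Added illustration: exact-match allowlist for a hypothetical %sudo macro.
# File location, format and function name are assumptions, not OBS behaviour.

# Constructed allowlist: one complete, unexpanded command line per line,
# '#' lines are comments.
ALLOWLIST=$(mktemp)
trap 'rm -f "$ALLOWLIST"' EXIT
cat > "$ALLOWLIST" <<'EOF'
# coreutils-testsuite
env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
EOF

NL='
'

# sudo_permitted CMDLINE
# Returns 0 only if CMDLINE equals one allowlist entry byte for byte.
# The caller passes the literal spec-file text, so the comparison happens
# before the shell expands $PATH or $USER.
sudo_permitted() {
    case $1 in
        # Empty input and comment lines are never commands. An embedded
        # newline is refused because grep would treat it as several patterns
        # and accept the input if any single line matched.
        ''|'#'*|*"$NL"*) return 1 ;;
    esac
    # -F: fixed string, no regex metacharacters; -x: the whole line must match,
    # so a permitted prefix followed by '; other-command' is refused.
    grep -v '^#' "$ALLOWLIST" | grep -Fxq -e "$1"
}

# Note: a match says nothing about what 'make -k check-root' runs as root;
# the Makefile comes from the package being built and is not covered here.
```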