Re: qemu-user lost its entire viability

To: Michael Tokarev <mjt@tls.msk.ru>
Cc: debian-68k@lists.debian.org, debian-superh@lists.debian.org, security@debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Subject: Re: qemu-user lost its entire viability
From: Thorsten Glaser <tg@debian.org>
Date: Sat, 23 Aug 2025 21:20:21 +0200 (CEST)
Message-id: <[🔎] ebe17f44-462f-7c6f-c825-00e5657957a4@debian.org>
In-reply-to: <[🔎] 43467334-39dd-488b-a9a8-f79199ba8b5a@tls.msk.ru>
References: <aKi6IWVX2uIlGKnw@seger.debian.org> <Pine.BSM.4.64L.2508230023030.21591@herc.mirbsd.org> <6abe2750-5e2c-43a1-be57-1dc2ccabdd91@tls.msk.ru> <[🔎] 119d5858-52f4-ce1b-9ee7-9615ce2054b9@debian.org> <[🔎] b9c3de733b99cabeecff8b50a7d57fd17b29a08e.camel@physik.fu-berlin.de> <[🔎] 2890f137-20fe-452f-bacd-cef360eeb548@tls.msk.ru> <[🔎] ca288b60-409e-ebc8-e436-23675dacfd96@debian.org> <[🔎] 43467334-39dd-488b-a9a8-f79199ba8b5a@tls.msk.ru>

On Sat, 23 Aug 2025, Michael Tokarev wrote:

> This is impolite when you skip whole my explanation.

Your explanation I snipped was unrelated to the problem.

>> prompt> chroot --userspec=uname:gname /path/to/chroot /bin/sh
>> chroot> do something
>> chroot> sudo do something else
>
> This relied on an equivalent of your /bin/sh being suid-root.

Then fix it. Make qemu-user check privilegues and drop them
where not needed. Do not cop out breaking everything for users.

> For this particular
> workflow you have to find another way doing it, for example:
>
> prompt> chroot --userspec=uname:gname /path/to/chroot /bin/sh
> chroot> do something
> chroot> exit
> prompt> chroot /path/to/chroot do something else

This is impossible: when building packages in chroots, they have
and *can* have an expectation that these things work.

> I don't understand why you urge to return suid-root to your

I don’t, I just fucking want the use case to continue working,
and you map this as black-and-white and general “no, fuck off,
I don’t even *try* to understand your use case and instead just
tell you to not use it”.

No thanks,
//mirabilos
-- 
Yes, I hate users and I want them to suffer.
	-- Marco d'Itri on gmane.linux.debian.devel.general

Reply to:

Follow-Ups:
- Re: qemu-user lost its entire viability
  - From: Michael Tokarev <mjt@tls.msk.ru>

References:
- qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)
  - From: Thorsten Glaser <tg@debian.org>
- Re: qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
- Re: qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)
  - From: Michael Tokarev <mjt@tls.msk.ru>
- Re: qemu-user viability
  - From: Thorsten Glaser <tg@debian.org>
- Re: qemu-user viability
  - From: Michael Tokarev <mjt@tls.msk.ru>

Prev by Date: Re: qemu-user viability
Next by Date: Re: qemu-user lost its entire viability
Previous by thread: Re: qemu-user viability
Next by thread: Re: qemu-user lost its entire viability
Index(es):
- Date
- Thread