[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#508295: debootstrap: doesn't work with proxifiers (tsocks and proxychains)



Colin Watson wrote:
> On Tue, Dec 09, 2008 at 08:34:03PM +0200, Eugene V. Lyubimkin wrote:
>> One of my machines is behind the corporative proxy (both HTTP and SOCKSv5).
>> For applications that have not built-in proxy support I successfully use either
>> tsocks (SOCKS) or proxychanins proxifiers. They works well with 'bts' or
>> 'reportbug', but debootstrap'ping always silently fail with 'Unable to retrieve Release'.
>>
>> 'strace -e trace=network' doesn't show any relevant info. Please investigate the
>> problem and suggest some solution or even a workaround would be appreciated.
> 
> How are you invoking debootstrap? The following is a guess:
> 
> Both tsocks and proxychains appear to operate by setting the LD_PRELOAD
> environment variable. This environment variable is removed by glibc when
> executing any set-id program (including sudo, su, etc.) because it is an
> easy way for a non-root attacker to attack any such set-id program. This
> is inherent to set-id programs and has nothing to do with debootstrap
> itself.
> 
> Unless it's straightforward to start tsocks or proxychains *after*
> escalating to root, perhaps you might try something like this:
> 
>   sudo env LD_PRELOAD="$LD_PRELOAD" debootstrap ...
> 
> (I agree that this is not obvious. I don't think debootstrap's
> documentation is a good place to talk about it, though; if this is
> indeed the problem then I think it should be documented by tsocks and
> proxychains.)
Hello Colin, thanks for suggestion, I will try and report the result.

-- 
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
Ukrainian C++ developer, Debian Maintainer, APT contributor

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: