[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Experiences with compiling Debian

> Mark Baker wrote:
> [building as non-root]
> >what if the package
> >tries to set the ownership of a file from within another shell script or a
> >perl script; how can you intercept that so it works properly?
> Build a shared library which wraps all calls to chown(), then set
> LD_PRELOAD to that library.  Should be pretty foolproof.

Yeah, I like that: wrap chown (and friends) _and_ stat(): then
the install, chown, etc stuff in the debian/rules will go
right as well as the final tar!

Anyone wants to do this? I have no experience in overloading
libc functions, but I really like the idea, so if nobody else
does it, I'm going go give it a try.

What I have in mind:

The wrapper functions check for the environment variable
"FAKEROOT_FILE", if it's set they will use that file to write/read
the intended permissions of the various files. So doing a 
chmod("/etc/passwd",0777), would return "success", and write to
$FAKEROOT_FILE a like like "0777 0 /etc/passwd" (with 0 the current
owner). A stat("/etc/passwd",&buf) would check in $FAKEROOT_FILE
for "fake permissions", and set buf.st_mode accordingly.
For speed we might want to sort/hash the FAKEROOT_FILE.

And when we're at it, also wrap getuid(), so that the check for
root goes right in debian/rules. One problem though: after saying
"export LD_PRELOAD=/usr/lib/libfakeroot.so", you more-or-less are
"fake-root", so the statement "you need to be root to build debian
packages" still would (_seem_to_) be right.

Hey, and why not wrap open()/write() too? An open("/etc/passwd",O_WRONLY)
would accutually succeed if the "fake permission" is 0777
(as above), and in the FAKEROOT_FILE you'd just record the "fake contents"
of /etc/passwd... Well, never mind.

The only problem with this is that if there are setuid binaries involved
in the debian/rules binary process, they will not use the LD_PRELOAD
stuff, and things may go wrong. (But as long as those binaries are
setuid root, they wouldn't need the libfakeroot).

joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: