Some ideas and concerns regarding fakeroot
Debianizing a package often requires hacking around in Makefile to make
the package install in debian/tmp or so. The fakeroot package is already
messing around with the permissions of files and building a file index in
RAM I guess. Could we have the following functionality to avoid the
editing of makefiles:

1. There is an environment variable VIRTUAL_ROOT which is set by the
   maintainer to the debian/tmp directory.
2. If the installation is trying to write a file to a directory where
   there is no permission to write (package is built under regular userid)
   then redirect the file into VIRTUAL_ROOT/path and create all leading
   directories.
3. If a file is opened for reading with an absolute path then first look
   into VIRTUAL_ROOT/path before trying to access the real path.

Maybe the above would make it extremely easy to debianize software in the
future.

Concerns:

The fakeroot package simulates virtual permissions and might be able to
simulate virtual files such as an /etc/passwd file. It would be a big
security hole if someone could develop a library that can be preloaded
with LD_PRELOAD which results in the ability to tamper with the contents
of /etc/passwd by redirecting it somewhere else. Fakeroot seems to show to
me that this is possible. The LD_PRELOAD function should be somehow
safeguarded. I do not want any of the users on my system to have that
ability.

Simple hack with such a preloaded library: Substitute a known password for
root in /etc/passwd and run su. Type the password and you are superuser.
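
Added example, not part of the original message and not fakeroot code: the path mapping from points 1 to 3 of the proposal, written as plain C functions. The function names, the AT_SECURE check (VIRTUAL_ROOT is ignored in secure-execution mode, the condition under which ld.so also restricts LD_PRELOAD) and the refusal of paths containing ".." are assumptions of this example.

```c
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/stat.h>
#include <unistd.h>

/* Point 1, plus an assumed safeguard: ignore VIRTUAL_ROOT in secure-execution
 * mode (set-user-ID programs such as su), where ld.so also restricts LD_PRELOAD. */
const char *vr_root(void) {
    return getauxval(AT_SECURE) ? NULL : getenv("VIRTUAL_ROOT");
}

/* Write root+path into out. Returns -1 if there is no root, the path is not
 * absolute, it contains "/.." (could escape the root), or it does not fit. */
static int vr_join(const char *root, const char *path, char *out, size_t n) {
    if (!root || path[0] != '/' || strstr(path, "/..")) return -1;
    int len = snprintf(out, n, "%s%s", root, path);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Point 3: a read prefers root+path when that file exists. 1 = redirected. */
int vr_resolve_read(const char *root, const char *path, char *out, size_t n) {
    if (vr_join(root, path, out, n) == 0 && access(out, F_OK) == 0) return 1;
    snprintf(out, n, "%s", path);
    return 0;
}

/* Point 2: a write whose real directory is not writable (or is missing) goes
 * to root+path, creating leading directories. 1 = redirected, -1 = error. */
int vr_resolve_write(const char *root, const char *path, char *out, size_t n) {
    char dir[4096];
    snprintf(dir, sizeof dir, "%s", path);
    if (access(dirname(dir), W_OK) == 0 || vr_join(root, path, out, n) != 0) {
        snprintf(out, n, "%s", path);   /* keep the real path */
        return 0;
    }
    for (char *p = out + 1; *p; p++) {  /* mkdir -p on the parent directories */
        if (*p != '/') continue;
        *p = '\0';
        int rc = mkdir(out, 0755);
        *p = '/';
        if (rc != 0 && errno != EEXIST) return -1;
    }
    return 1;
}
```

A build wrapper would call vr_root() once and pass the result to the two resolvers; a NULL root leaves every path unchanged.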