
Re: how to make Debian less fragile (long and philosophical)



On Sun, Aug 15, 1999 at 07:32:03PM +0200, Bart Schuller wrote:
> > > Or the building of packages using fakeroot?
> > >
> > > To solve that one we'd either have to change all of Debian to
> > > build correctly with SHELL being something other than /bin/sh, or
> > > the "known good" shell can't be /bin/sh ...

On Sun, Aug 15, 1999 at 08:55:17PM -0400, Raul Miller wrote:
> > Why? fakeroot is basically a mechanism for surrogate storing of
> > user information, and /bin/sh doesn't have a way of changing the
> > ownership of files/directories (except by invoking another program).

On Mon, Aug 16, 1999 at 10:26:53AM +0200, Bart Schuller wrote:
> Bash has "test" (or "[") as a builtin command, so it wouldn't see the
> changes that another program makes.

Hmm..

I'm sorry, but I'm pretty dense -- can you indicate an example of how
this would be a problem?

Are there installation scripts that do chmod then fail if -u reports that
it's not setuid?  Or are there scripts which use -O to see if something
is owned that would fail if the wrong files are owned by "root"?

I agree that security-oriented scripts might have problems this way,
but any serious security-oriented script would have far worse problems
using fakeroot (like, not being able to get at critical audit-related
resources).  I'm having trouble imagining that this is a serious problem
for any real installation script (which is what fakeroot is most useful
for).

Anyways, if this really is an issue it is possible that fakeroot could
modify execve so that instead of handing control to /bin/sh it ran some
other shell (/bin/bash, /usr/lib/fakeroot/sh, or whatever...).

-- 
Raul

