[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#58640: wrapper does not handle fakeroot well

On Tue, Feb 22, 2000 at 12:18:54PM +0200, Fabrizio Polacco wrote:

> I understand this and I can even sympathize, but ...
> ... there is an issue.
> Please remember that the wrapper si no only man, but also mandb.
> mandb has an option -t which can be usefull to test a man hierarchy to
> search for not parsable manpages or broken links.
> For example you can run mandb -c -t debian/tmp/usr/share/man  within
> your build, as a test case.
> See the point? It will run under fakeroot.

OK here is a patch that will allow it to work under fakeroot, however
if root runs his shell in fakeroot it will cause the man programs to
be run as root and not get su to nobody.  (but that is even more

--- /usr/bin/man        Tue Feb  8 05:59:28 2000
+++ man Mon Feb 21 23:56:31 2000
@@ -2,7 +2,7 @@
 pgm=`basename $0`
 cmd="${edir}/${pgm} ${1+$@}"
-[ `id -u` = 0 ] || exec ${cmd}
+[ `id -u` = 0 -a ! -n "$FAKEROOTKEY" ] || exec ${cmd}
 su nobody -c "/bin/true" && exec su nobody -c "$cmd"
 su -s /bin/true 2>/dev/null && exec su -s /bin/sh nobody -c "$cmd"
 exec su man -c "$cmd"

I have tested this patch it does work.
> So let's forget this wrapper stuff and go back to plain old setuid man
> man prog.
> this for potato.
> I will try to ave a setgid man and mandb for woody. then when it's
> tested we can even make a potato security update.
> But now we are only adding grave and important bugs and just delaying
> frozen.

i think man has been designed to be setuid rather then setgid.. 

also with a C wrapper you can do more robust tests for who the user
really is (the same tests su does whatever that is) 

Ethan Benson

Reply to: