Bug#363475: [Buildd-tools-devel] Bug#363475: please change to $HOME
if $PWD doesn't exist in chroot
Roger Leigh
rleigh at whinlatter.ukfsn.org
Fri Apr 21 23:16:44 UTC 2006
Martin Michlmayr <tbm at cyrius.com> writes:
> I'd rather end up in $HOME than in / whene the current working dir
> doesn't exist in the chroot:
This sounds reasonable. However, I would like to consider the
implications, particularly for security. This would mean doing the
following:
1. Try $PWD
2. Try $HOME
3. Try passwd pw_dir
4. Use /
While this might make sense for login shells, I'm unhappy doing this
for normal commands. Consider
$ schroot -c chroot -- rm -f foo
Depending on where you are in the filesystem, this might run in the
current directory (if bind mounted or otherwise available inside the
chroot), the home directory, or the root directory. Because of the
danger here, I want it to be as deterministic as is reasonably
possible.
Does anyone have any other opinions or advice?
How do other tools handle this?
Regards,
Roger
--
Roger Leigh
Printing on GNU/Linux? http://gutenprint.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20060422/f7ca8448/attachment.pgp
More information about the Buildd-tools-devel
mailing list