[buildd-tools-devel] Bug#608414: Bug#608414: missing umask thing in sbuild-createchroot?

Cyril Brulebois kibi at debian.org
Thu Dec 30 18:47:32 UTC 2010


Roger Leigh <rleigh at codelibre.net> (30/12/2010):
> Not sure why this is so restrictive initially.  I think it was
> probably to prevent any access to the chroot environment except via
> sudo/schroot, but the security is minimal at best and probably
> entirely pointless.  I certainly have 0755 perms on all my chroots.

And while we're at it, what about chroot configuration files?
| $ ls -l /etc/schroot/chroot.d
| total 8
| -rw------- 1 root root 216 Dec 30 19:26 experimental-amd64-sbuild
| -rw------- 1 root root 189 Dec 30 19:27 sid-amd64-sbuild

Not sure they should be rw for the sbuild group; but at least readable
by anyone shouldn't hurt..

KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20101230/04790fd6/attachment.pgp>


More information about the Buildd-tools-devel mailing list