Bug#747946: pbuilder: should not use su, because it breaks with systemd and user namespaces

Thu May 22 19:49:21 UTC 2014

Control: tags -1 + patch

On Tue, May 13, 2014 at 11:32:34AM +0200, Helmut Grohne wrote:
> Package: pbuilder
> Version: 0.215
> Severity: normal
> 
> As has been pointed out on debian-devel at
> https://lists.debian.org/debian-devel/2014/05/msg00366.html using su in
> things like /etc/init.d is wrong. In a similar vein, pbuilder's usage of
> SUTOUSER is wrong, because it creates a new session, but builds should
> not create sessions. Apart from that, it also breaks running pbuilder
> inside user namespaces:
> 
> I: Extracting source
> su: System error
> 
> The invocation of su is a bit more verbose in auth.log:
> su[123]: PAM audit_log_acct_message() failed: Operation not permitted
> su[123]: pam_authenticate: System error
> su[123]: FAILED su for pbuilder by root
> su[123]: - ??? root:pbuilder

So the "real" fix is likely going into linux 3.15:
http://permalink.gmane.org/gmane.linux.kernel.commits.head/445016

> It is not clear to me what should be used instead. A number of options
> were mentioned:
>  * start-stop-daemon
>    SUTOUSER=/sbin/start-stop-daemon --start --pidfile /dev/null --chuid pbuilder --startas /bin/sh
>    (Thanks to Peter Palfrader for coming up with this beast.)

I prepared a patch for this variant anyway, because using older kernels
is not a rare thing. Better fix both.

Helmut
-------------- next part --------------
diff -Nru pbuilder-0.215/debian/changelog pbuilder-0.215+nmu1/debian/changelog

--- pbuilder-0.215/debian/changelog	2013-03-30 03:06:05.000000000 +0100
+++ pbuilder-0.215+nmu1/debian/changelog	2014-05-22 21:44:27.000000000 +0200
@@ -1,3 +1,10 @@
+pbuilder (0.215+nmu1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Use start-stop-daemon rather than su. (closes: #747946)
+
+ -- Helmut Grohne <helmut at subdivi.de>  Thu, 22 May 2014 21:44:07 +0200
+
 pbuilder (0.215) unstable; urgency=low
 
   * Do not try to use /dev/shm if /run/shm is not present. (closes: #702811, #702102)
diff -Nru pbuilder-0.215/pbuilder-buildpackage pbuilder-0.215+nmu1/pbuilder-buildpackage
--- pbuilder-0.215/pbuilder-buildpackage	2012-03-13 09:25:15.000000000 +0100
+++ pbuilder-0.215+nmu1/pbuilder-buildpackage	2014-05-22 21:45:47.000000000 +0200
@@ -37,14 +37,14 @@
     # environment, so cowdancer shouldn't have to run, and fakeroot
     # should be running later, so it shouldn't matter.
     # LOGNAME: set this to shut up some tools.
-    # su -p : switch to user preserving env vars, we need most of them. 
-    SUTOUSER="env LD_PRELOAD= LOGNAME=$BUILDUSERNAME su -p $BUILDUSERNAME"
+    # switch to user preserving env vars, we need most of them. 
+    SUTOUSER="env LD_PRELOAD= LOGNAME=$BUILDUSERNAME /sbin/start-stop-daemon --start --pidfile /dev/null --chuid $BUILDUSERNAME --startas /bin/sh"
     DEBBUILDOPTS="${DEBBUILDOPTS:+$DEBBUILDOPTS }-rfakeroot"
     EXTRAPACKAGES="${EXTRAPACKAGES} fakeroot"
     log "I: using fakeroot in build."
 else
     # run the build in root
-    SUTOUSER="su -p "
+    SUTOUSER="sh"
     BUILDUSERID=0
     BUILDUSERNAME=root
 fi
