Bug#814738: pbuilder: please support building with grsec TPE enabled
Mattia Rizzolo
mattia at debian.org
Sun Feb 14 22:06:34 UTC 2016
control: tag -1 pending
On Sun, Feb 14, 2016 at 10:31:17PM +0100, Reiner Herrmann wrote:
> when grsecurity is enabled together with TPE (Trusted Path Execution),
> it is no longer possible to build packages with pbuilder, because the
> build user is running binaries in untrusted locations (if also
> tpe_invert is set).
grsecurity is something I definitely not use nor I know about, tbh.
> To still enable building, the build user has to be added to the
> white-listed group/gid.
>
> The attached patch does this if TPE is enabled.
the patch looks good enough even to my naive eyes[1], so I applied it.
Thanks! :)
[1] modulo I'd have preferred a local variable for TPEGID, but that's
easy enough to do by myself ;)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: http://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pbuilder-maint/attachments/20160214/60177da2/attachment.sig>
More information about the Pbuilder-maint
mailing list