Date: Thu, 28 May 2015 08:18:40 +0200
From: Natanael Copa
To: William Pitcock
Cc: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] installing build deps as non-root (WAS: 3.3 proposal: reduce number of SUID binaries as much as possible)
Message-ID: <20150528081840.44ec3532@ncopa-desktop.alpinelinux.org>

On Tue, 26 May 2015 04:32:01 -0500
William Pitcock wrote:

> Hello,
>
> I would like to see a general reduction of SUID binaries where
> possible. For example, a lot of APKBUILDs have options=suid when
> there's probably no real reason for it.

This reminds me of a problem I have been thinking of.

When creating/maintaining packages we need to temporarily install the build time dependencies, and when the build is done we need to uninstall them.

Is there a good way to do this without relying on suid? And we definitely don't want to run the entire build as root.

We probably want to build the packages in a chroot too in the future. Doing chroot(2) also requires root permission.

We currently have a magic group 'abuild'. If you are in this group you are allowed to install packages. This means, you are effectively root if you are in this group.

Are there better ways to do it?

We could maybe tighten it up and forbid --allow-untrusted. Then you need to both be in the group and install the signing key in /etc/apk/keys.

-nc
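
The tightening suggested in the message (group membership alone no longer enough, because --allow-untrusted is refused) could be enforced by whatever privileged helper runs apk on behalf of group members. The following is an added example, not code from abuild or from the message; the function name check_apk_args, the permitted subcommands and the permitted option set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Hypothetical argument check for a privileged apk helper (added example).
# Policy (constructed): only "add" and "del", only a short allowlist of
# options. Everything else that starts with "-" is refused, which covers
# --allow-untrusted, abbreviated spellings of it, and options placed
# before the subcommand.

# check_apk_args SUBCOMMAND [ARGS...]  ->  0 = allowed, 1 = refused
check_apk_args() {
    case "${1:-}" in
        add|del) shift ;;
        *) return 1 ;;          # unknown subcommand or leading option
    esac
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -q|--quiet) ;;
            -t|--virtual)
                # takes a value; it must exist and must not be an option
                [ "$#" -ge 2 ] || return 1
                case "$2" in -*) return 1 ;; esac
                shift ;;
            -*) return 1 ;;     # default deny for every other option
            *) ;;               # package name or dependency spec
        esac
        shift
    done
    return 0
}

# Constructed sample command lines (word splitting below is intentional).
for cmdline in \
    "add --virtual .makedepends-demo gcc make" \
    "del .makedepends-demo" \
    "add --allow-untrusted ./local.apk" \
    "add --allow-untr ./local.apk" \
    "--allow-untrusted add ./local.apk"
do
    if check_apk_args $cmdline; then
        echo "allow: apk $cmdline"
    else
        echo "deny:  apk $cmdline"
    fi
done
```

With such a check in place, a package installed through the helper still has to verify against a key in /etc/apk/keys, which is the second condition the message describes.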