Subject: [alpine-devel] Re: installing build deps as non-root (WAS: 3.3 proposal: reduce number of SUID binaries as much as possible)
From: William Pitcock
To: Natanael Copa
Cc: alpine-devel@lists.alpinelinux.org
Date: Fri, 29 May 2015 01:49:17 -0500

On Thu, May 28, 2015 at 1:18 AM, Natanael Copa wrote:
> On Tue, 26 May 2015 04:32:01 -0500
> William Pitcock wrote:
>
>> Hello,
>>
>> I would like to see a general reduction of SUID binaries where
>> possible. For example, a lot of APKBUILDs have options=suid when
>> there's probably no real reason for it.
>
> This reminds me of a problem I have been thinking of.
>
> When creating/maintaining a package we need to temporarily install the
> build time dependencies and when the build is done we need to uninstall
> them.
>
> Is there a good way to do this without relying on suid? And we
> definitely don't want to run the entire build as root.
>
> We probably want to build the packages in a chroot too in the future.
> Doing chroot(2) also requires root permission.
>
> We currently have a magic group 'abuild'. If you are in this group you
> are allowed to install packages. This means, you are effectively root
> if you are in this group. Are there better ways to do it?
>
> We could maybe tighten it up and forbid --allow-untrusted. Then you
> need both to be in the group and to install the signing key in
> /etc/apk/keys

Ideally, I think what we should do is perhaps use lightweight
containers for build environments. And then what you do is bind-mount
the aports tree(s) in the right places in the container. Then you do
the build as root inside the container instead of bothering with
fakeroot, cowdancer, etc.

I'm going to probably be busy with this FOSS RAID monitoring stuff
this summer so I probably won't have much time to pursue this, but
it's just an idea of how it could work.

William
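
Reducing SUID usage as proposed in the quoted message starts with knowing which APKBUILDs declare options=suid. The script below is an added example, not part of the original message or of Alpine's own tooling; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit an aports-style tree for APKBUILDs that declare "suid" in options=.
# Added illustration; function names and sample packages are hypothetical.

# Print the package directory of every APKBUILD under $1 whose options=
# assignment contains the token "suid" ("!suid" and comments do not count).
suid_apkbuilds() {
    find "$1" -type f -name APKBUILD | sort | while IFS= read -r f; do
        # Keep only the options= value, then drop trailing comments and quotes.
        opts=$(sed -n 's/^[[:space:]]*options=//p' "$f" |
               sed 's/#.*//; s/["'\'']//g' | tr '\n\t' '  ')
        case " $opts " in
            *" suid "*) printf '%s\n' "${f%/APKBUILD}" ;;
        esac
    done
}

# Build a constructed sample tree under $1 so the example runs offline.
make_sample_tree() {
    mkdir -p "$1/main/a" "$1/main/b" "$1/main/c" "$1/main/d"
    printf 'pkgname=a\noptions="suid !check"\n'               > "$1/main/a/APKBUILD"
    printf 'pkgname=b\noptions="!check"\n'                    > "$1/main/b/APKBUILD"
    printf 'pkgname=c\noptions="!strip" # suid was dropped\n' > "$1/main/c/APKBUILD"
    printf "pkgname=d\noptions='suid'\n"                      > "$1/main/d/APKBUILD"
}

sample=$(mktemp -d)
make_sample_tree "$sample"
suid_apkbuilds "$sample"      # lists main/a and main/d
rm -rf "$sample"
```

Each listed package still needs a manual check of whether the installed files really require the setuid bit before the option is removed.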