Giter VIP home page Giter VIP logo

Comments (6)

waddlesplash avatar waddlesplash commented on July 27, 2024

Also from @mmlr:

we should also generally disable extracting with other uids by means of filters
and probably heed the python tarfile docs warning about using data filter to prevent tars from writing anywhere in the system...

from haikuporter.

waddlesplash avatar waddlesplash commented on July 27, 2024

I wonder why we use Python's tar handling support anyway. It appears all the things we do with it can be done via tar command line arguments, and we already use command line tools for extracting other types of archives. That'd be a lot simpler than all the code we have for filters and info-handling.

from haikuporter.

waddlesplash avatar waddlesplash commented on July 27, 2024

It appears tar can only duplicate hardlinked files, though, not turn them into symlinks as our filtering code does. I think that should be fine?

from haikuporter.

korli avatar korli commented on July 27, 2024

I suppose, that, when cross-building, the provided tar version can be very different.

from haikuporter.

pulkomandy avatar pulkomandy commented on July 27, 2024

I think that should be fine?

Probably not, if the build modifies any of these files. It's difficult to say if some recipes would hit that specific problem.

In 2019, some build (@mmlr believes it to be https://build.haiku-os.org/buildmaster/master/x86_64/?buildrunDir=2953&viewMode=expanded) created a user named root. As the root user on Haiku is just called user, the new root user had a UID greater than 1000, not 0.

How did that even affect the builder? Creating a user should change the /etc/passwd file inside the chroot, but not the one used by the OS, right? So once the build is done, that user disappears? Otherwise, it is a chroot leak and that is a problem that should be solved on Haiku side?

from haikuporter.

waddlesplash avatar waddlesplash commented on July 27, 2024

Otherwise, it is a chroot leak and that is a problem that should be solved on Haiku side?

The useradd command does not modify /etc/passwd but contacts Registrar to ask it to make the change. And registrar only checks that the application making the request is running as root (UID 0) and nothing else, which it is inside the chroot. Yes, we should probably fix this on the Haiku side, but I'm not quite sure about how.

from haikuporter.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.