Debian Bug report logs - #430765
please add ccache support

version graph

Package: pbuilder; Maintainer for pbuilder is Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>; Source for pbuilder is src:pbuilder.

Reported by: "Steinar H. Gunderson" <sesse@debian.org>

Date: Wed, 27 Jun 2007 09:00:18 UTC

Severity: wishlist

Tags: patch, pending

Found in version pbuilder/0.170

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. Full text and rfc822 format available.

Acknowledgement sent to "Steinar H. Gunderson" <sesse@debian.org>:
New Bug report received and forwarded. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sesse@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: please add ccache support
Date: Wed, 27 Jun 2007 10:34:11 +0200
[Message part 1 (text/plain, inline)]
Package: pbuilder
Version: 0.170
Severity: wishlist
Tags: patch

Hi,

As discussed on the boat under DebConf, here's a patch to enable ccache
support in pbuilder. I've only tested it lightly, but it seems to work
well.

-- System Information:
Debian Release: lenny/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-rc4 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pbuilder depends on:
ii  cdebootstrap                  0.4.3      Bootstrap a Debian system
ii  coreutils                     5.97-5.3   The GNU core utilities
ii  debianutils                   2.21.1     Miscellaneous utilities specific t
ii  debootstrap                   1.0.0      Bootstrap a basic Debian system
ii  gcc                           4:4.1.2-3  The GNU C compiler
ii  wget                          1.10.2-3   retrieves files from the web

Versions of packages pbuilder recommends:
ii  cowdancer                     0.36       Copy-on-write directory tree utili
ii  devscripts                    2.10.5     Scripts to make the life of a Debi
ii  fakeroot                      1.7.1      Gives a fake root environment
ii  sudo                          1.6.8p12-5 Provide limited super user privile

-- no debconf information
[pbuilder-ccache.diff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 430765@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: "Steinar H. Gunderson" <sesse@debian.org>, 430765@bugs.debian.org
Subject: Re: Bug#430765: please add ccache support
Date: Wed, 27 Jun 2007 20:10:39 +0200
On Wed, Jun 27, 2007 at 10:34:11AM +0200, Steinar H. Gunderson <sesse@debian.org> wrote:
> Package: pbuilder
> Version: 0.170
> Severity: wishlist
> Tags: patch
> 
> Hi,
> 
> As discussed on the boat under DebConf, here's a patch to enable ccache
> support in pbuilder. I've only tested it lightly, but it seems to work
> well.

I looks a bit overkill to copy the cache over... why not just bind mount
it ?

FWIW, the simple setup that just works(tm):
    export CCACHE_DIR="/var/cache/pbuilder/ccache"
    export PATH="/usr/lib/ccache:${PATH}"
    EXTRAPACKAGES=ccache
    BINDMOUNTS="${CCACHE_DIR}" 

BTW, why not use CCACHE_DIR instead of CCACHE_LOCATION ?

Mike



Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. Full text and rfc822 format available.

Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 430765@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Mike Hommey <mh@glandium.org>
Cc: 430765@bugs.debian.org
Subject: Re: Bug#430765: please add ccache support
Date: Wed, 27 Jun 2007 22:52:06 +0200
On Wed, Jun 27, 2007 at 08:10:39PM +0200, Mike Hommey wrote:
> I looks a bit overkill to copy the cache over... why not just bind mount
> it ?

The permissions get all wrong. I initially tried bind-mounting, but suddenly
a random user from the outside can fiddle with your ccache. That is not a
good thing.

> BTW, why not use CCACHE_DIR instead of CCACHE_LOCATION ?

Feel free to change such aspects. :-)

/* Steinar */
-- 
Homepage: http://www.sesse.net/




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #20 received at 430765@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: "Steinar H. Gunderson" <sgunderson@bigfoot.com>, 430765@bugs.debian.org
Cc: Mike Hommey <mh@glandium.org>
Subject: Re: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Thu, 28 Jun 2007 08:12:38 +0900
Hi,

> > I looks a bit overkill to copy the cache over... why not just bind mount
> > it ?
> 
> The permissions get all wrong. I initially tried bind-mounting, but suddenly
> a random user from the outside can fiddle with your ccache. That is not a
> good thing.

I don't think that's too much of a problem if the way ccache works is
what I think it does.  Looking at Steiner's patch, it's rather too
big. Why not just provide the configuration file, and make a shorthand
option for the configuration?


> > BTW, why not use CCACHE_DIR instead of CCACHE_LOCATION ?
> 
> Feel free to change such aspects. :-)

I think it'd be better to follow existing documentation and name it
accordingly.

http://pbuilder.alioth.debian.org/#ccache


regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. Full text and rfc822 format available.

Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #25 received at 430765@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Junichi Uekawa <dancer@netfort.gr.jp>
Cc: 430765@bugs.debian.org, Mike Hommey <mh@glandium.org>
Subject: Re: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Thu, 28 Jun 2007 01:24:24 +0200
On Thu, Jun 28, 2007 at 08:12:38AM +0900, Junichi Uekawa wrote:
>> The permissions get all wrong. I initially tried bind-mounting, but suddenly
>> a random user from the outside can fiddle with your ccache. That is not a
>> good thing.
> I don't think that's too much of a problem if the way ccache works is
> what I think it does.

Could you outline your assumptions, please?

> Looking at Steiner's patch, it's rather too big. Why not just provide the
> configuration file, and make a shorthand option for the configuration?

Well, if you change the {save,restore}_ccache to using bind mounts instead,
the patch _is_ almost just that. So I guess we agree :-)

/* Steinar */
-- 
Homepage: http://www.sesse.net/




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #30 received at 430765@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Cc: Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, Mike Hommey <mh@glandium.org>
Subject: Re: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Thu, 28 Jun 2007 09:00:23 +0900
Hi,

> >> The permissions get all wrong. I initially tried bind-mounting, but suddenly
> >> a random user from the outside can fiddle with your ccache. That is not a
> >> good thing.
> > I don't think that's too much of a problem if the way ccache works is
> > what I think it does.
> 
> Could you outline your assumptions, please?

ccache is supposed to do the right thing even when ccache data is
shared inside/outside of chroot, right? Users can fiddle with your
ccache and you should not be affected.


> > Looking at Steiner's patch, it's rather too big. Why not just provide the
> > configuration file, and make a shorthand option for the configuration?
> 
> Well, if you change the {save,restore}_ccache to using bind mounts instead,
> the patch _is_ almost just that. So I guess we agree :-)

There's a big difference between using already-existing --bindmounts
feature through configuration file and adding a new function.


regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project



Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sat, 02 Jan 2010 16:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Loïc Minier <lool@dooz.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sat, 02 Jan 2010 16:18:03 GMT) Full text and rfc822 format available.

Message #35 received at 430765@bugs.debian.org (full text, mbox):

From: Loïc Minier <lool@dooz.org>
To: Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org
Cc: "Steinar H. Gunderson" <sgunderson@bigfoot.com>, Mike Hommey <mh@glandium.org>, control@bugs.debian.org
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sat, 2 Jan 2010 17:16:38 +0100
clone 430765 -1
retitle -1 SECURITY: Host user 1234 can tamper with build chroot
tag -1 + security
stop

On Thu, Jun 28, 2007, Junichi Uekawa wrote:
> > >> The permissions get all wrong. I initially tried bind-mounting, but suddenly
> > >> a random user from the outside can fiddle with your ccache. That is not a
> > >> good thing.
> > > I don't think that's too much of a problem if the way ccache works is
> > > what I think it does.
> > 
> > Could you outline your assumptions, please?
> 
> ccache is supposed to do the right thing even when ccache data is
> shared inside/outside of chroot, right? Users can fiddle with your
> ccache and you should not be affected.

 I don't think ccache can detect this case; I think what Steinar is
 saying is that e.g. /var/cache/pbuilder/ccache/**/* files will be owned
 by the user from within the chroot used to build packages, typically
 uid 1234, but this user might be a real (potentially malicious) user
 outside of the chroot.  This 1234 user on the host could change the
 compiled data so that the next build using the ccache with the same
 source would pick up a modified (and malicious) version.

 I agree it's an issue, and I think pbuilder should create an user +
 group on the host, and use the same uids in the chroots (e.g. "getent
 passwd >$CHROOT/etc/passwd").

 I think this is not a new issue though: the build also runs as guest
 uid 1234 and a malicious host user 1234 could just as well write to:
 /var/cache/pbuilder/build/<build-id>/tmp/buildd/<source-package-version>/
 (i.e. to the build tree).


 I just pushed a ccache support patch to pbuilder git; I'm happy to hear
 feedback on this patch.

    Thanks,
-- 
Loïc Minier




Bug 430765 cloned as bug 563398. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. (Sat, 02 Jan 2010 16:18:03 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. (Sat, 02 Jan 2010 16:18:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sat, 02 Jan 2010 16:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sat, 02 Jan 2010 16:24:06 GMT) Full text and rfc822 format available.

Message #44 received at 430765@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Loïc Minier <lool@dooz.org>
Cc: Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sat, 2 Jan 2010 17:20:36 +0100
On Sat, Jan 02, 2010 at 05:16:38PM +0100, Loïc Minier wrote:
> clone 430765 -1
> retitle -1 SECURITY: Host user 1234 can tamper with build chroot
> tag -1 + security
> stop
> 
> On Thu, Jun 28, 2007, Junichi Uekawa wrote:
> > > >> The permissions get all wrong. I initially tried bind-mounting, but suddenly
> > > >> a random user from the outside can fiddle with your ccache. That is not a
> > > >> good thing.
> > > > I don't think that's too much of a problem if the way ccache works is
> > > > what I think it does.
> > > 
> > > Could you outline your assumptions, please?
> > 
> > ccache is supposed to do the right thing even when ccache data is
> > shared inside/outside of chroot, right? Users can fiddle with your
> > ccache and you should not be affected.
> 
>  I don't think ccache can detect this case; I think what Steinar is
>  saying is that e.g. /var/cache/pbuilder/ccache/**/* files will be owned
>  by the user from within the chroot used to build packages, typically
>  uid 1234, but this user might be a real (potentially malicious) user
>  outside of the chroot.  This 1234 user on the host could change the
>  compiled data so that the next build using the ccache with the same
>  source would pick up a modified (and malicious) version.
> 
>  I agree it's an issue, and I think pbuilder should create an user +
>  group on the host, and use the same uids in the chroots (e.g. "getent
>  passwd >$CHROOT/etc/passwd").
> 
>  I think this is not a new issue though: the build also runs as guest
>  uid 1234 and a malicious host user 1234 could just as well write to:
>  /var/cache/pbuilder/build/<build-id>/tmp/buildd/<source-package-version>/
>  (i.e. to the build tree).
> 
> 
>  I just pushed a ccache support patch to pbuilder git; I'm happy to hear
>  feedback on this patch.

Shouldn't pbuilder try to use the original user uid ? I, for one, set
BUILDUSERID to my own uid...

Cheers,

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sat, 02 Jan 2010 16:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Loïc Minier <lool@dooz.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sat, 02 Jan 2010 16:33:03 GMT) Full text and rfc822 format available.

Message #49 received at 430765@bugs.debian.org (full text, mbox):

From: Loïc Minier <lool@dooz.org>
To: Mike Hommey <mh@glandium.org>
Cc: Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sat, 2 Jan 2010 17:28:23 +0100
On Sat, Jan 02, 2010, Mike Hommey wrote:
> Shouldn't pbuilder try to use the original user uid ? I, for one, set
> BUILDUSERID to my own uid...

 Oh that would work too; I think I would prefer pbuilder using a
 separate user id since the build might do evil things e.g. killall.

-- 
Loïc Minier




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sat, 02 Jan 2010 16:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sat, 02 Jan 2010 16:42:03 GMT) Full text and rfc822 format available.

Message #54 received at 430765@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Loïc Minier <lool@dooz.org>
Cc: Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sat, 2 Jan 2010 17:36:47 +0100
On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> On Sat, Jan 02, 2010, Mike Hommey wrote:
> > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > BUILDUSERID to my own uid...
> 
>  Oh that would work too; I think I would prefer pbuilder using a
>  separate user id since the build might do evil things e.g. killall.

unshare(CLONE_NEWPID) ?

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sat, 02 Jan 2010 16:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sat, 02 Jan 2010 16:42:05 GMT) Full text and rfc822 format available.

Message #59 received at 430765@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Loïc Minier <lool@dooz.org>
Cc: Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sat, 2 Jan 2010 17:39:17 +0100
On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > BUILDUSERID to my own uid...
> > 
> >  Oh that would work too; I think I would prefer pbuilder using a
> >  separate user id since the build might do evil things e.g. killall.
> 
> unshare(CLONE_NEWPID) ?

That only works with clone(), not unshare, but you get the idea.

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sun, 03 Jan 2010 02:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sun, 03 Jan 2010 02:39:03 GMT) Full text and rfc822 format available.

Message #64 received at 430765@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: Mike Hommey <mh@glandium.org>
Cc: Loïc Minier <lool@dooz.org>, Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sun, 03 Jan 2010 11:36:46 +0900
Hi,

At Sat, 2 Jan 2010 17:39:17 +0100,
Mike Hommey wrote:
> 
> On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> > On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > > BUILDUSERID to my own uid...
> > > 
> > >  Oh that would work too; I think I would prefer pbuilder using a
> > >  separate user id since the build might do evil things e.g. killall.
> > 
> > unshare(CLONE_NEWPID) ?
> 
> That only works with clone(), not unshare, but you get the idea.

There's two different scenarios

1. I want to protect myself from malicious code (set it to some random
user id).  CLONE_NEWPID might be a better idea in this case.

2. I want to use the same user id inside the chroot too because I
trust the code (e.g. pdebuild). This shouldn't be CLONE_NEWPID,
because pdebuild-internal would require access to /home with the
original PID.



So, using CLONE_NEWPID would have to be an optional thing.






Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sun, 03 Jan 2010 08:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sun, 03 Jan 2010 08:27:03 GMT) Full text and rfc822 format available.

Message #69 received at 430765@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Junichi Uekawa <dancer@netfort.gr.jp>
Cc: Loïc Minier <lool@dooz.org>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Sun, 3 Jan 2010 09:21:08 +0100
On Sun, Jan 03, 2010 at 11:36:46AM +0900, Junichi Uekawa wrote:
> Hi,
> 
> At Sat, 2 Jan 2010 17:39:17 +0100,
> Mike Hommey wrote:
> > 
> > On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> > > On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > > > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > > > BUILDUSERID to my own uid...
> > > > 
> > > >  Oh that would work too; I think I would prefer pbuilder using a
> > > >  separate user id since the build might do evil things e.g. killall.
> > > 
> > > unshare(CLONE_NEWPID) ?
> > 
> > That only works with clone(), not unshare, but you get the idea.
> 
> There's two different scenarios
> 
> 1. I want to protect myself from malicious code (set it to some random
> user id).  CLONE_NEWPID might be a better idea in this case.
> 
> 2. I want to use the same user id inside the chroot too because I
> trust the code (e.g. pdebuild). This shouldn't be CLONE_NEWPID,
> because pdebuild-internal would require access to /home with the
> original PID.

Why is that ? Also note that for "external" processes, the pid is the
original one.

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Sun, 03 Jan 2010 23:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Sun, 03 Jan 2010 23:24:06 GMT) Full text and rfc822 format available.

Message #74 received at 430765@bugs.debian.org (full text, mbox):

From: Junichi Uekawa <dancer@netfort.gr.jp>
To: Mike Hommey <mh@glandium.org>
Cc: Loïc Minier <lool@dooz.org>, Junichi Uekawa <dancer@netfort.gr.jp>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Mon, 04 Jan 2010 08:20:40 +0900
ermm...

why are you talking about CLONE_NEWPID.

I think you wanted to talk about CLONE_NEWUSER so that same UID won't affect outside the chroot.

At Sun, 03 Jan 2010 11:36:46 +0900,
Junichi Uekawa wrote:
> 
> Hi,
> 
> At Sat, 2 Jan 2010 17:39:17 +0100,
> Mike Hommey wrote:
> > 
> > On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> > > On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > > > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > > > BUILDUSERID to my own uid...
> > > > 
> > > >  Oh that would work too; I think I would prefer pbuilder using a
> > > >  separate user id since the build might do evil things e.g. killall.
> > > 
> > > unshare(CLONE_NEWPID) ?
> > 
> > That only works with clone(), not unshare, but you get the idea.
> 
> There's two different scenarios
> 
> 1. I want to protect myself from malicious code (set it to some random
> user id).  CLONE_NEWPID might be a better idea in this case.
> 
> 2. I want to use the same user id inside the chroot too because I
> trust the code (e.g. pdebuild). This shouldn't be CLONE_NEWPID,
> because pdebuild-internal would require access to /home with the
> original PID.
> 
> 
> 
> So, using CLONE_NEWPID would have to be an optional thing.
> 
> 




Information forwarded to debian-bugs-dist@lists.debian.org, Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>:
Bug#430765; Package pbuilder. (Mon, 04 Jan 2010 05:18:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Debian pbuilder maintenance team <pbuilder-maint@lists.alioth.debian.org>. (Mon, 04 Jan 2010 05:18:06 GMT) Full text and rfc822 format available.

Message #79 received at 430765@bugs.debian.org (full text, mbox):

From: Mike Hommey <mh@glandium.org>
To: Junichi Uekawa <dancer@netfort.gr.jp>
Cc: Loïc Minier <lool@dooz.org>, 430765@bugs.debian.org, "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Subject: Re: Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Date: Mon, 4 Jan 2010 06:13:44 +0100
On Mon, Jan 04, 2010 at 08:20:40AM +0900, Junichi Uekawa wrote:
> ermm...
> 
> why are you talking about CLONE_NEWPID.

To prevent processes in the chroot to access processes outside the
chroot.

> I think you wanted to talk about CLONE_NEWUSER so that same UID won't affect outside the chroot.

Does it work with CFS, now ? (a while ago it would fail because in this
case it tries to create /sys/kernel/uids/0, which sysfs refuses)




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 17:06:28 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.