Debian Bug report logs - #697438
ITP: linux-user-chroot -- setuid helper for user chroots

version graph

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Thomas Bechtold <thomasbechtold@jpberlin.de>

Date: Sat, 5 Jan 2013 11:39:01 UTC

Owned by: wnpp@debian.org

Severity: wishlist

Fixed in version linux-user-chroot/2013.1-1

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Sat, 05 Jan 2013 11:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Bechtold <thomasbechtold@jpberlin.de>:
New Bug report received and forwarded. Copy sent to wnpp@debian.org. (Sat, 05 Jan 2013 11:39:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Thomas Bechtold <thomasbechtold@jpberlin.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: RFP: linux-user-chroot -- setuid helper for making bind mounts and chrooting
Date: Sat, 05 Jan 2013 12:36:11 +0100
Package: wnpp
Severity: wishlist

* Package name    : linux-user-chroot
  Version         : 2012.2
  Upstream Author : Colin Walters <walters@verbum.org>
* URL             : http://git.gnome.org/browse/linux-user-chroot/
* License         : GPL-2
  Programming Lang: C
  Description     : setuid helper for making bind mounts and chrooting

This tool allows regular (non-root) users to call chroot(2), create Linux bind mounts, and use some Linux container features.  It's primarily intended for use by build systems.



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Sat, 05 Jan 2013 11:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to daniel@debian.org:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Sat, 05 Jan 2013 11:54:03 GMT) Full text and rfc822 format available.

Message #10 received at 697438@bugs.debian.org (full text, mbox):

From: Daniel Baumann <daniel@debian.org>
To: 697438-submitter@bugs.debian.org
Cc: 697438@bugs.debian.org
Subject: Re: RFP: linux-user-chroot -- setuid helper for making bind mounts and chrooting
Date: Sat, 05 Jan 2013 12:52:57 +0100
retitle 697438 ITP: linux-user-chroot -- setuid helper for user chroots
owner 697438 Daniel Baumann <daniel.baumann@progress-technologies.net>
thanks

i'll take care about this.

-- 
Address:        Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:          daniel.baumann@progress-technologies.net
Internet:       http://people.progress-technologies.net/~daniel.baumann/



Changed Bug title to 'ITP: linux-user-chroot -- setuid helper for user chroots' from 'RFP: linux-user-chroot -- setuid helper for making bind mounts and chrooting' Request was from Daniel Baumann <daniel@debian.org> to control@bugs.debian.org. (Sat, 05 Jan 2013 11:54:04 GMT) Full text and rfc822 format available.

Owner recorded as Daniel Baumann <daniel.baumann@progress-technologies.net>. Request was from Daniel Baumann <daniel@debian.org> to control@bugs.debian.org. (Sat, 05 Jan 2013 11:54:05 GMT) Full text and rfc822 format available.

Message sent on to Thomas Bechtold <thomasbechtold@jpberlin.de>:
Bug#697438. (Sat, 05 Jan 2013 11:54:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Daniel Baumann <daniel.baumann@progress-technologies.net>:
Bug#697438; Package wnpp. (Sat, 05 Jan 2013 14:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Bechtold <thomasbechtold@jpberlin.de>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Daniel Baumann <daniel.baumann@progress-technologies.net>. (Sat, 05 Jan 2013 14:30:03 GMT) Full text and rfc822 format available.

Message #22 received at 697438@bugs.debian.org (full text, mbox):

From: Thomas Bechtold <thomasbechtold@jpberlin.de>
To: 697438@bugs.debian.org
Subject: Re: Bug#697438: Acknowledgement (RFP: linux-user-chroot -- setuid helper for making bind mounts and chrooting)
Date: Sat, 05 Jan 2013 15:27:42 +0100
I started the packaging here: 
http://anonscm.debian.org/gitweb/?p=collab-maint/linux-user-chroot.git;a=summary



Owner changed from Daniel Baumann <daniel.baumann@progress-technologies.net> to wnpp@debian.org. Request was from Daniel Baumann <daniel.baumann@progress-technologies.net> to control@bugs.debian.org. (Mon, 11 Mar 2013 19:33:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Thu, 12 Sep 2013 15:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Emanuele Aina <emanuele.aina@collabora.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Thu, 12 Sep 2013 15:57:04 GMT) Full text and rfc822 format available.

Message #29 received at 697438@bugs.debian.org (full text, mbox):

From: Emanuele Aina <emanuele.aina@collabora.com>
To: 697438@bugs.debian.org
Subject: Re: Bug#697438: Acknowledgement (RFP: linux-user-chroot -- setuid helper for making bind mounts and chrooting)
Date: Thu, 12 Sep 2013 17:45:55 +0200
Hello all, I've updated the linux-user-chroot packaging to the latest
release (2013.1), and I took the liberty of rebasing Thomas' work on top
of the upstream git history:

https://github.com/em-/pkg-linux-user-chroot-debian

Other than integrating the new release the main change I've made is to
use setuid instead of setgid, as setgid wasn't working for me (and the
fedora packaging uses setuid too).




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Thu, 12 Sep 2013 22:12:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to László Böszörményi (GCS) <gcs@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Thu, 12 Sep 2013 22:12:05 GMT) Full text and rfc822 format available.

Message #34 received at 697438@bugs.debian.org (full text, mbox):

From: László Böszörményi (GCS) <gcs@debian.org>
To: Thomas Bechtold <thomasbechtold@jpberlin.de>, Emanuele Aina <emanuele.aina@collabora.com>
Cc: 697438@bugs.debian.org
Subject: linux-user-chroot Debian packaging
Date: Fri, 13 Sep 2013 00:09:25 +0200
Hi,

I wonder who is who in this packaging. Thomas didn't touch packaging
for eight months now. He put Utopia Maintenance Team to maintainer. No
idea how they are related.
Emanuele updated packaging, which has some problems. I've corrected
everything. I'm a Debian Developer, can maintain it by myself. What
others would like to do?

Also please note that the current state can be interpreted as some
kind of security threat. Its binary installed as setuid and executable
for everyone. A more safe solution would be a separate group and only
its members would be allowed to execute linux-user-chroot .

Regards,
Laszlo/GCS



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Fri, 13 Sep 2013 06:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Bechtold <thomasbechtold@jpberlin.de>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Fri, 13 Sep 2013 06:15:05 GMT) Full text and rfc822 format available.

Message #39 received at 697438@bugs.debian.org (full text, mbox):

From: Thomas Bechtold <thomasbechtold@jpberlin.de>
To: "László Böszörményi (GCS)" <gcs@debian.org>
Cc: Emanuele Aina <emanuele.aina@collabora.com>, 697438@bugs.debian.org
Subject: Re: linux-user-chroot Debian packaging
Date: Fri, 13 Sep 2013 08:11:31 +0200
[Message part 1 (text/plain, inline)]
Hi László,

On 09/13/2013 12:09 AM, László Böszörményi (GCS) wrote:
> Hi,
> 
> I wonder who is who in this packaging. Thomas didn't touch packaging
> for eight months now. He put Utopia Maintenance Team to maintainer. No
> idea how they are related.

That's a bug. The intenion was to have the package under the
collab-maint umbrella. The git repository for packaging is already there
and you can just use it (every DD has write access to the collab-maint
repositories).
I already had a sponsor but after a couple of weeks he still had no time
for review and then I had no time to push the sponsoring search forward.

Cheers,,

Tom

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Fri, 13 Sep 2013 06:51:22 GMT) Full text and rfc822 format available.

Acknowledgement sent to László Böszörményi (GCS) <gcs@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Fri, 13 Sep 2013 06:51:22 GMT) Full text and rfc822 format available.

Message #44 received at 697438@bugs.debian.org (full text, mbox):

From: László Böszörményi (GCS) <gcs@debian.org>
To: Thomas Bechtold <thomasbechtold@jpberlin.de>
Cc: Emanuele Aina <emanuele.aina@collabora.com>, 697438@bugs.debian.org
Subject: Re: linux-user-chroot Debian packaging
Date: Fri, 13 Sep 2013 08:46:28 +0200
Hi Thomas,

On Fri, Sep 13, 2013 at 8:11 AM, Thomas Bechtold
<thomasbechtold@jpberlin.de> wrote:
> On 09/13/2013 12:09 AM, László Böszörményi (GCS) wrote:
>> I wonder who is who in this packaging. Thomas didn't touch packaging
>> for eight months now. He put Utopia Maintenance Team to maintainer. No
>> idea how they are related.
>
> That's a bug. The intenion was to have the package under the
> collab-maint umbrella. The git repository for packaging is already there
> and you can just use it (every DD has write access to the collab-maint
> repositories).
 I used the one from Emanuele, as he stated it's an updated one. Will
check yours. Either incorporating changes from him or do the way it
suits best.
I know that I've commit rights to every collab-maint repositories, but
I ask for permission beforehand. As I see, it's not a problem for you
that I'll do the necessary changes.

> I already had a sponsor but after a couple of weeks he still had no time
> for review and then I had no time to push the sponsoring search forward.
 Here I am. Do you allow me to be part of your package (set you as the
maintainer and me as an uploader or vica-versa)?

Cheers,
Laszlo/GCS



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Fri, 13 Sep 2013 08:06:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Bechtold <thomasbechtold@jpberlin.de>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Fri, 13 Sep 2013 08:06:10 GMT) Full text and rfc822 format available.

Message #49 received at 697438@bugs.debian.org (full text, mbox):

From: Thomas Bechtold <thomasbechtold@jpberlin.de>
To: "László Böszörményi (GCS)" <gcs@debian.org>
Cc: Emanuele Aina <emanuele.aina@collabora.com>, 697438@bugs.debian.org
Subject: Re: linux-user-chroot Debian packaging
Date: Fri, 13 Sep 2013 10:03:11 +0200
[Message part 1 (text/plain, inline)]
Hi László,

On 09/13/2013 08:46 AM, László Böszörményi (GCS) wrote:
>> I already had a sponsor but after a couple of weeks he still had no time
>> for review and then I had no time to push the sponsoring search forward.
>  Here I am. Do you allow me to be part of your package (set you as the
> maintainer and me as an uploader or vica-versa)?

Please go ahead and you can also takeover the maintainership.

Thanks!

Tom

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Fri, 13 Sep 2013 08:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Emanuele Aina <emanuele.aina@collabora.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Fri, 13 Sep 2013 08:18:04 GMT) Full text and rfc822 format available.

Message #54 received at 697438@bugs.debian.org (full text, mbox):

From: Emanuele Aina <emanuele.aina@collabora.com>
To: László Böszörményi "(GCS)" <gcs@debian.org>
Cc: Thomas Bechtold <thomasbechtold@jpberlin.de>, 697438@bugs.debian.org
Subject: Re: linux-user-chroot Debian packaging
Date: Fri, 13 Sep 2013 10:15:49 +0200
László Böszörményi (GCS) wrote:

>  I used the one from Emanuele, as he stated it's an updated one. Will
> check yours. Either incorporating changes from him or do the way it
> suits best.

I took Thomas patch with the debian/ files and cherry-picked it on top
of the upstream git history for version 2012.1, and then I updated it to
2013.1.

I usually prefer having the upstream history available when upstream
uses git, it makes tracking upstream changes easier.

Of course by doing so I diverged from the repo on collab-maint, I hope
this won't be an issue, either by force-pushing the new commits to
collab-maint, or disregarding my repo and cherry-picking my changes on
top of Thomas' repo.

> I know that I've commit rights to every collab-maint repositories, but
> I ask for permission beforehand. As I see, it's not a problem for you
> that I'll do the necessary changes.

I'm not a DD nor a DM yet, so I don't have special rights. As long as
some kind soul will get linux-user-chroot uploaded to Debian, whatever
you do is fine for me. :)

OOC, what issues you found in my package? Would you mind commenting on
Github or making your changes available somewhere?

Thanks!
Emanuele.




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#697438; Package wnpp. (Mon, 16 Sep 2013 11:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Emanuele Aina <emanuele.aina@collabora.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Mon, 16 Sep 2013 11:39:05 GMT) Full text and rfc822 format available.

Message #59 received at 697438@bugs.debian.org (full text, mbox):

From: Emanuele Aina <emanuele.aina@collabora.com>
To: László Böszörményi "(GCS)" <gcs@debian.org>
Cc: Thomas Bechtold <thomasbechtold@jpberlin.de>, 697438@bugs.debian.org
Subject: Re: linux-user-chroot Debian packaging
Date: Mon, 16 Sep 2013 13:37:46 +0200
László Böszörményi (GCS) wrote:

> Also please note that the current state can be interpreted as some
> kind of security threat. Its binary installed as setuid and executable
> for everyone. A more safe solution would be a separate group and only
> its members would be allowed to execute linux-user-chroot .

Yup, I'm not sure how serious the threat may be, but restricting it a
bit would fine for me.

Note though that the Fedora package does not do that[1] and since it is
done by Colin I'm not sure if we want to diverge from it.

Asking Colin about the group restriction may be a good a idea.

[1] http://pkgs.fedoraproject.org/cgit/linux-user-chroot.git/tree/linux-user-chroot.spec#n32




Added tag(s) pending. Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Mon, 23 Sep 2013 20:06:05 GMT) Full text and rfc822 format available.

Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Fri, 11 Oct 2013 01:03:05 GMT) Full text and rfc822 format available.

Notification sent to Thomas Bechtold <thomasbechtold@jpberlin.de>:
Bug acknowledged by developer. (Fri, 11 Oct 2013 01:03:06 GMT) Full text and rfc822 format available.

Message #66 received at 697438-close@bugs.debian.org (full text, mbox):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 697438-close@bugs.debian.org
Subject: Bug#697438: fixed in linux-user-chroot 2013.1-1
Date: Fri, 11 Oct 2013 01:00:06 +0000
Source: linux-user-chroot
Source-Version: 2013.1-1

We believe that the bug you reported is fixed in the latest version of
linux-user-chroot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697438@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated linux-user-chroot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 12 Sep 2013 23:36:46 +0200
Source: linux-user-chroot
Binary: linux-user-chroot linux-user-chroot-dbg
Architecture: source amd64
Version: 2013.1-1
Distribution: unstable
Urgency: low
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description: 
 linux-user-chroot - setuid helper for making bind mounts and chrooting
 linux-user-chroot-dbg - setuid helper for making bind mounts and chrooting (debug files)
Closes: 697438
Changes: 
 linux-user-chroot (2013.1-1) unstable; urgency=low
 .
   [ Thomas Bechtold ]
   * Initial release (closes: #697438).
 .
   [ Emanuele Aina ]
   * New upstream version.
   * Add the linux-user-chroot-dbg package for the debug symbols.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Correct packaging and debian/copyright .
   * Add .PHONY to debian/rules .
Checksums-Sha1: 
 d7d1ddeaed865aaa9284c177a6b0175d04f2a3bb 1416 linux-user-chroot_2013.1-1.dsc
 4d158e691732ad6e6be95203146c448bd64e90a0 15899 linux-user-chroot_2013.1.orig.tar.gz
 2a9aa0ef77243045cd250a301ea95268477910f8 1987 linux-user-chroot_2013.1-1.debian.tar.gz
 3b93774ec53b9c19b5a0de9496a034f34657aa30 9184 linux-user-chroot_2013.1-1_amd64.deb
 aeaf3d34b1fb910f5a7f223576885c7843a0f80a 10332 linux-user-chroot-dbg_2013.1-1_amd64.deb
Checksums-Sha256: 
 434fd4d5cde68b44d0d00f716b73f48dafa43c0d8ac1b3b29d5819b3b8e07648 1416 linux-user-chroot_2013.1-1.dsc
 d7c61424c47f8e576af2b5d205442692021bf04e988faa385ff385aa412cd56e 15899 linux-user-chroot_2013.1.orig.tar.gz
 14d4ffc580456a18bd16b2acea08b499b4e5c3d3fd2e6523787db23ddd2b0a1b 1987 linux-user-chroot_2013.1-1.debian.tar.gz
 af995288f33474db5c1f63ab6ac67cd5181a2def94a182750d4fc4def6bc31b6 9184 linux-user-chroot_2013.1-1_amd64.deb
 0d7dca4ab0dd6c268c6d6f86e7488498fb3fda93569b3414c2da1aee0d01af54 10332 linux-user-chroot-dbg_2013.1-1_amd64.deb
Files: 
 99ef5ed0b851e325fc8d33c66b9a8a18 1416 devel optional linux-user-chroot_2013.1-1.dsc
 38825ad1a100f50d222564fc39784a44 15899 devel optional linux-user-chroot_2013.1.orig.tar.gz
 d4de2e72664afcd64d7bca7f0faf709c 1987 devel optional linux-user-chroot_2013.1-1.debian.tar.gz
 bd3f6727d6190174b9ec92ddccf8c56a 9184 devel optional linux-user-chroot_2013.1-1_amd64.deb
 cd3384a957ac37baf98ce9ac6b03130a 10332 debug extra linux-user-chroot-dbg_2013.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlJAiQsACgkQMDatjqUaT90scQCfX3ueXM4q1mLMUYEb6OKmQUnB
7xQAn3S/WW752PWc/ZZBxVBlUiRICkiF
=Di/t
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 08 Nov 2013 07:29:00 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 19:06:33 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.