[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Mock and consolehelper

On Wed, 2007-12-19 at 07:19 +0000, Kevin Kofler wrote:
> I have noticed that mock in Rawhide has been changed to drop the SUID helper, 
> instead consolehelper is used to run the entire mock as root. IMHO, this is a 
> regression:
> * It now means you have to know the root password to run mock. Before, it was 
> possible to give out mock access and only that simply by making the user a 
> member of the mockbuild group. Now the only way to do that is to allow running 
> all of mock as root, which probably opens up several ways to get full root 
> access from there.
You can configure access to mock through the /etc/pam.d/mock file and it
currently already should allow to non-interactive use by users in group
mock. There is:

auth            sufficient      pam_rootok.so
auth            sufficient      pam_succeed_if.so user ingroup mock use_uid quiet

> * It means mock has to be run interactively. What are the implications of this 
> on the builders? Will they have to install all of mock SUID root, or set up 
> consolehelper in a way which effectively does the same?
> * It reduces security, as instead of a small helper doing only a few controlled 
> operations, you now run all of mock as root. Sure, it's Python, so buffer 
> overflows probably can't happen, but still, trigger any bug in mock with a 
> trojaned SRPM and you have root.
mock could still drop priviledges - change to mock user or whatever as
soon as it doesn't need to be root anymore.

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]