On Tue, Sep 30, 2014 at 11:23:50PM +0200, Sébastien Luttringer wrote:
On 22/09/2014 14:35, Dave Reisner wrote:
Changing UID to that of 'nobody' is arbitrary at best, and an information leak at worst. Let's just drop back to the same UID of the invoker.
Which information is leaking?
"nobody" in the build chroot is exactly the same "nobody" as outside the chroot. So, someone running as "nobody" has full control over the build as it occurs in the chroot. ptrace it, do whatever you want to it (including creating a malicious binary). There's no reason not to drop privileges back to the user who invoked the build.
This should also fix the permission issue on files introduced by bind mounting $startdir instead of copying and having files owned by nobody.
Neat! I've found one breakage in the patch (user creation is a pain in the ass across architectures because of dlopen), but that's fixed locally. d
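To make the "drop back to the invoker, not to nobody" rule concrete, here is a small added shell example. It is not devtools code and not the patch under discussion; it assumes the build is launched through sudo (so SUDO_UID/SUDO_GID are set) and that util-linux setpriv is available. The fallback to the current ids, and the refusal to build as uid 0 or as the shared uid 65534, are this example's own choices.

```shell
#!/bin/bash
# Added example, not devtools code: choose the UID/GID a chroot build should
# run under. Rule from the thread: drop back to the user who invoked the
# build, never to "nobody", because "nobody" inside the chroot is the same
# uid as "nobody" outside and any nobody-owned host process could ptrace it.

# Print "uid:gid" of the invoking user, or fail if no safe choice exists.
invoker_ids() {
    local uid gid
    if [ -n "${SUDO_UID-}" ] && [ -n "${SUDO_GID-}" ]; then
        # sudo exports these for the real (pre-sudo) user
        uid=$SUDO_UID
        gid=$SUDO_GID
    else
        # not under sudo: this example's fallback is the current ids
        uid=$(id -u)
        gid=$(id -g)
    fi

    # Environment is attacker-influenced in general; insist on plain numbers.
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $gid in ''|*[!0-9]*) return 1 ;; esac

    # Never build as root, and never as the shared "nobody" uid (65534 is
    # an assumption here; check /etc/passwd on the host in question).
    if [ "$uid" -eq 0 ] || [ "$uid" -eq 65534 ]; then
        return 1
    fi
    printf '%s:%s\n' "$uid" "$gid"
}

# Run a command as the invoker. Needs root (we are under sudo) and setpriv
# from util-linux; --clear-groups drops root's supplementary groups too.
run_as_invoker() {
    local ids uid gid
    ids=$(invoker_ids) || { echo 'no safe build user, refusing' >&2; return 1; }
    uid=${ids%%:*}
    gid=${ids##*:}
    setpriv --reuid="$uid" --regid="$gid" --clear-groups -- "$@"
}
```

Usage would be `run_as_invoker makepkg ...` from the root-running wrapper; the check that matters is the one in invoker_ids, which refuses rather than silently falling back to an arbitrary account.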