RFC: dropping privs in chroot --user

coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RFC: dropping privs in chroot --user

From:	Pádraig Brady
Subject:	RFC: dropping privs in chroot --user
Date:	Tue, 13 May 2014 16:04:15 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

Both setuidgid and runuser behave as I would expect
and drop the supplemental groups of the root user:

  # runuser padraig -c "id -G"
  500 10 489 491

  # ~padraig/git/coreutils/src/setuidgid padraig id -G
  500 10 489 491

However chroot does not:

  # chroot --user=padraig: / id -G
  500 0 1 2 3 4 6 10

  # chroot --user=padraig / id -G
  0 500 1 2 3 4 6 10

That's at least unexpected and could
be considered a bug I think.
If I'm missing nothing I'll send a patch soon.

thanks,
Pádraig.

[Prev in Thread]

Current Thread

[Next in Thread]

RFC: dropping privs in chroot --user, Pádraig Brady <=
- Re: RFC: dropping privs in chroot --user, Pádraig Brady, 2014/05/16
  - Re: RFC: dropping privs in chroot --user, Bernhard Voelker, 2014/05/16
    - Re: RFC: dropping privs in chroot --user, Pádraig Brady, 2014/05/17
    - Re: RFC: dropping privs in chroot --user, Pádraig Brady, 2014/05/18
    - Re: RFC: dropping privs in chroot --user, Bernhard Voelker, 2014/05/18
    - Re: RFC: dropping privs in chroot --user, Pádraig Brady, 2014/05/18

Prev by Date: Re: [PATCH] tests: fix spurious failure with leading spaces in file names
Next by Date: RFC: avoid chroot() call if not changing root dir
Previous by thread: [PATCH] tests: fix spurious failure with leading spaces in file names
Next by thread: Re: RFC: dropping privs in chroot --user
Index(es):
- Date
- Thread