[dist] Change default worker run directory #5174

Closed
wants to merge 1 commit into
base: master
from

athos-ribeiro commented Jun 20, 2018

Current default run directory for OBS workers is under /var/run. While
in most modern distros Systemd is responsible for mounting /run and
does so with executable permissions, Debian (and Debian downstream)
distributions delegate this task to their initramfs package, which
mounts /run with the noexec flag on. Note that /var/run is a symlink to
/run on such distributions. This commit changes the default run
directory to a path under /tmp to solve the described issue while
keeping the volatile properties of the directory under /run.

See https://freedesktop.org/wiki/Software/systemd/APIFileSystems and
https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/ for
further reference.

I also have a more complete description of the symptoms in a blog post

[dist] Change default worker run directory
Current default run directory for OBS workers is under /var/run. While
in most modern distros Systemd is responsible for mounting /run and
does so with executable permissions, Debian (and Debian downstream)
distributions delegate this task to their initramfs package, which
mounts /run with the noexec flag on. Note that /var/run is a symlink to
/run on such distributions. This commit changes the default run
directory to a path under /tmp to solve the described issue while
keeping the volatile properties of the directory under /run. See
https://freedesktop.org/wiki/Software/systemd/APIFileSystems and
https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/ for
further reference.

Member

darix commented Jun 22, 2018

/tmp is a bad place for this. /tmp can be abused for attacks, as everyone can write there. A better place would be /var/lib/obs-worker.

But this requires a few more changes:

  1. Do not use the same variable for PID files and build dirs.
  2. One advantage of using /run is that we got an automatic cleanup. obsstoragesetup would be a place which could do the cleanup of /var/lib/obs-worker. That way you can restart the worker without deleting everything all the time.

Member

adrianschroeter commented Jul 18, 2018

Yes, darix is right, this is a security hole actually.
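
The two properties this thread turns on (a noexec mount under /run, a world-writable parent such as /tmp) can be checked before a run directory is chosen. The script below is an added example, not code from this pull request or from OBS: the function names, the candidate paths /var/run/obs and /tmp/obs, and the sample mount table are constructed for illustration, and `readlink -f` is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (Debian-like: /run is noexec).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=401080k,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# mount_opts PATH [MOUNTS]: options of the longest mount point containing PATH.
mount_opts() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }'
}

# has_opt OPTS NAME: succeed if NAME is in the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# world_writable DIR: succeed if "other" may write to DIR (symlinks followed).
world_writable() {
    perms=$(ls -ldL "$1" | cut -c1-10)
    case "$perms" in ????????w?) return 0 ;; *) return 1 ;; esac
}

# vet_rundir DIR [MOUNTS]: print findings; return 1 if DIR is unsuitable.
vet_rundir() {
    dir=$1; rc=0
    # /var/run is a symlink to /run on the affected distributions: resolve it.
    real=$(readlink -f "$dir" 2>/dev/null) || real=$dir
    if has_opt "$(mount_opts "$real" "$2")" noexec; then
        echo "$dir: on a noexec mount, nothing can be executed from it"; rc=1
    fi
    # Check the nearest existing ancestor, where the directory would be created.
    probe=$real
    while [ ! -d "$probe" ]; do probe=$(dirname "$probe"); done
    if world_writable "$probe"; then
        echo "$dir: $probe is world-writable, any local user can write there"; rc=1
    fi
    return $rc
}

for d in /var/run/obs /tmp/obs /var/lib/obs-worker; do
    vet_rundir "$d" "$SAMPLE_MOUNTS" || true
done
```

Called without the second argument, `vet_rundir` reads the live /proc/mounts instead of the sample table.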
