List of xbps-triggers that is NOT safe to be run from outside of chroot #23262

sgn · 2020-06-27T10:47:02Z

In light of #23239,

I look into some xbps-triggers, and I think those triggers aren't safe to be run from outside of chroot:

if the libc in chroot and libc in host is differs and elf in chroot couldn't be interpreted by host's libc (ld is hard-coded), execve(2) exit with 126, /bin/sh will search next commands in hosts, and use it instead of chroot's executable.
system-accounts: check if the user

void-packages/srcpkgs/xbps-triggers/files/system-accounts

Line 112 in d148c44

if ! getent passwd ${_uname} >/dev/null; then

or group

void-packages/srcpkgs/xbps-triggers/files/system-accounts

Line 29 in d148c44

if ! getent group ${_grname} >/dev/null; then

exists in host (no options to mitigate?), then create user

void-packages/srcpkgs/xbps-triggers/files/system-accounts

Line 113 in d148c44

useradd -c "$descr" -d "$homedir" -s "$shell" ${user_groups} \

and group

void-packages/srcpkgs/xbps-triggers/files/system-accounts

Line 31 in d148c44

groupadd -r ${_grname} -g ${_gid} >/dev/null 2>&1

in host (can be mitigated by groupadd -R -P and useradd -R -P, don't know if they're portable). This one is very problematic because base-files uses this triggers
to be filled.

Thought, @void-linux/pkg-committers @ericonr

The text was updated successfully, but these errors were encountered:

ericonr · 2020-06-28T02:56:09Z

How else would we make a /tmp dir appear in the system? chrooting and running xbps-reconfigure even for base-files will still require it. We could:

have xbps-reconfigure create /tmp if it can't be found (bad)
include an empty /tmp directory in base-files, somehow (good)

github-actions · 2022-04-17T02:06:34Z

Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.

github-actions · 2022-07-18T02:13:39Z

Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.

github-actions · 2022-10-17T02:14:46Z

Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.

github-actions · 2023-01-16T01:58:46Z

Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.

github-actions bot added the Stale label Apr 17, 2022

paper42 removed the Stale label Apr 18, 2022

github-actions bot added the Stale label Jul 18, 2022

classabbyamp removed the Stale label Jul 18, 2022

github-actions bot added the Stale label Oct 17, 2022

classabbyamp removed the Stale label Oct 17, 2022

github-actions bot added the Stale label Jan 16, 2023

Vaelatern removed the Stale label Jan 16, 2023

classabbyamp added the tracking for tracking larger sets of changes label Jan 16, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

List of xbps-triggers that is NOT safe to be run from outside of chroot #23262

List of xbps-triggers that is NOT safe to be run from outside of chroot #23262

sgn commented Jun 27, 2020

ericonr commented Jun 28, 2020

github-actions bot commented Apr 17, 2022

github-actions bot commented Jul 18, 2022

github-actions bot commented Oct 17, 2022

github-actions bot commented Jan 16, 2023

List of xbps-triggers that is NOT safe to be run from outside of chroot #23262

List of xbps-triggers that is NOT safe to be run from outside of chroot #23262

Comments

sgn commented Jun 27, 2020

ericonr commented Jun 28, 2020

github-actions bot commented Apr 17, 2022

github-actions bot commented Jul 18, 2022

github-actions bot commented Oct 17, 2022

github-actions bot commented Jan 16, 2023