Axel Thimm wrote:

> In a nutshell: you now carry much more unlimited root power throughout
> all of mock's invocation cycle in comparison to a confined set of
> privileges that the helper was giving.

Good point. I still think it's easier to audit python code than C code, but you're talking 500 lines of C versus 1000 lines of python. So, I may just reconsider this change.

One of the reasons I liked moving to a setuid/setgid launcher was that we could move the process into the mock group and fix a bunch of chroot sharing problems with appropriate group permissions. Oh, and we actually kick off the python process in a separate namespace, which means we won't dirty up the mount table if for some reason we exit unexpectedly.

If we just made the launcher setgid:mock and kept mock-helper for rootiness things, would that still trigger your security alarms?

Hmmm, now that I think about it, we probably have to be root to create a new namespace, so the launcher might have to stay setuid:root and drop privileges before exec'ing python.

Thoughts?

Clark

--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
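The launcher pattern discussed in this thread (stay root only long enough to unshare the mount namespace, then drop to the invoking user plus the build group before exec'ing python), as an added illustration that is not mock's own code; the group name "mock" and the exec'd program are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop privileges irreversibly: supplementary groups first, then gid, then uid.
 * Returns 0 on success, -1 on any failure (the caller must abort, never continue). */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Clearing supplementary groups needs CAP_SETGID, so only attempt it as root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Set real, effective and saved ids together so no saved id can restore root. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* A genuine drop must make re-escalation impossible; verify rather than trust. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

/* Enter a private mount namespace so the build's mounts never reach the host
 * mount table, even if the process dies. Needs CAP_SYS_ADMIN (root). */
int enter_private_mount_ns(void)
{
    if (unshare(CLONE_NEWNS) != 0)
        return -1;
    /* On hosts where / is a shared mount, unshare alone still propagates mounts. */
    return mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL);
}

int main(int argc, char **argv)
{
    uid_t real_uid = getuid();           /* the user who invoked the setuid launcher */
    struct group *g = getgrnam("mock");  /* assumed build group name */
    if (g == NULL || argc < 2)
        return 1;
    if (enter_private_mount_ns() != 0) { perror("unshare"); return 1; }
    if (drop_privileges(real_uid, g->gr_gid) != 0) { perror("drop_privileges"); return 1; }
    execv(argv[1], argv + 1);            /* e.g. the python interpreter and its args */
    perror("execv");
    return 1;
}
```

Run as an unprivileged user, drop_privileges succeeds only for the caller's own ids, which is exactly the no-privilege-gain property the setuid launcher relies on.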