Mike McLean <[EMAIL PROTECTED]> writes:

>> This patch adds a 'koji-helper' setuid program which implements the
>> following methods:
>
>> Methods above are implemented to replace the python 'safe_rmtree()' method
>> which was never safe, nor will it work when 'kojid' is running as non-root.
>
> It all depends on what you mean by safe

Definitely not the racy

| find ... | xargs rm ...

> The safe_rmtree function protects against the destruction of stray
> mounts underneath the buildroot. This is a serious risk, though perhaps
> some folks will not appreciate how serious until they are debugging a
> buildroot, add a mount, and accidentally delete its contents when the
> buildroot is cleaned.
>
> Your patch seems to remove this protection.

No; it does not cross filesystem borders.

> I designed kojid to run as root, and I don't see that as a problem. Many
> daemons run as root and kojid has more need of it than most.

What are these needs? 'kojid' runs perfectly as non-root.

> I do not like the old mock security model and I consider it flawed. I
> have no desire to emulate it in koji.

Yes; mock's helper binary is full of races and broken constraints :(

Enrico

--
Fedora-buildsys-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
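The two properties argued over in this thread (a buildroot cleanup that does not cross into a mount underneath it, and one that is not racy the way `find ... | xargs rm ...` is) can both be had without a setuid helper. The following is an added example written for this page; it is not code from koji, mock, or either poster. It assumes a Linux host with Python 3.7 or later, where `os.scandir` and the `dir_fd=` forms of `lstat`, `open`, `unlink` and `rmdir` are available. The function name `same_device_rmtree` and the sample tree it builds are constructed for the demonstration.

```python
import errno
import os
import shutil
import stat
import tempfile


def _remove_contents(dir_fd, root_dev, skipped, shown_path):
    """Delete everything below the directory open as dir_fd without leaving
    the filesystem identified by root_dev.

    Every operation is relative to an already-open directory fd (openat
    semantics), so a component swapped for a symlink after the parent was
    opened cannot redirect the deletion, which is the race a path-based
    `find | xargs rm` pipeline is exposed to."""
    with os.scandir(dir_fd) as it:
        names = [entry.name for entry in it]  # snapshot before mutating
    for name in names:
        child = os.path.join(shown_path, name)
        st = os.lstat(name, dir_fd=dir_fd)  # never follows symlinks
        if not stat.S_ISDIR(st.st_mode):
            # Files and symlinks: unlink the entry itself, never its target.
            os.unlink(name, dir_fd=dir_fd)
            continue
        if st.st_dev != root_dev:
            # A directory on another device is a mount point: leave it alone.
            skipped.append(child)
            continue
        # O_NOFOLLOW|O_DIRECTORY: fail (ELOOP/ENOTDIR) rather than follow a
        # symlink that appeared between lstat and open.
        fd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                     dir_fd=dir_fd)
        before = len(skipped)
        try:
            # Re-check on the open fd; a mount may have landed in the gap.
            if os.fstat(fd).st_dev != root_dev:
                skipped.append(child)
                continue
            _remove_contents(fd, root_dev, skipped, child)
        finally:
            os.close(fd)
        try:
            os.rmdir(name, dir_fd=dir_fd)
        except OSError as exc:
            # A directory may stay non-empty only because a mount was
            # deliberately left beneath it; anything else is a real error.
            if not (exc.errno == errno.ENOTEMPTY and len(skipped) > before):
                raise


def same_device_rmtree(path):
    """Remove `path` and its contents on the same filesystem only.

    Returns the list of mount points found underneath and left in place
    (the directories above them remain as well). Raises OSError if `path`
    is not a directory or is a symlink."""
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    skipped = []
    try:
        root_dev = os.fstat(fd).st_dev
        _remove_contents(fd, root_dev, skipped, path)
    finally:
        os.close(fd)
    if not skipped:
        os.rmdir(path)
    return skipped


def build_demo_tree():
    """Constructed sample: a fake buildroot containing a symlink to a
    directory outside it. A cleanup that followed links would wipe 'outside'."""
    base = tempfile.mkdtemp(prefix="rmtree-demo-")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(outside, "keep"))
    root = os.path.join(base, "buildroot")
    os.makedirs(os.path.join(root, "usr", "lib"))
    with open(os.path.join(root, "usr", "lib", "libc.so"), "w") as fh:
        fh.write("not really a library\n")
    os.symlink(outside, os.path.join(root, "var"))
    return base, root, outside


def demo():
    """Run the cleanup on the constructed tree and report what happened."""
    base, root, outside = build_demo_tree()
    try:
        skipped = same_device_rmtree(root)
        return {
            "root_removed": not os.path.lexists(root),
            "outside_intact": os.path.isdir(os.path.join(outside, "keep")),
            "skipped": skipped,
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

A mount point beneath the root is reported rather than entered, so the caller can decide whether an unexpected mount is a bug to investigate; a real stray mount cannot be created in the demo without privileges, which is why the sample tree exercises the symlink case instead. Running the cleanup as the unprivileged owner of the buildroot, as the reply above describes for `kojid`, needs no extra privilege for any of these calls.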
