--- Jeremy Katz <[EMAIL PROTECTED]> wrote:

> On Tue, 2007-06-26 at 08:45 +0200, Alexandre Magaz Graça wrote:
> > I'm making a LiveCD that I want to autorun (from Windows and Linux) to
> > open a browser showing some help about how it works. So I added a new
> > option that lets add to the CD root file system.
> >
> > If someone finds it useful, the attached patch adds this option to
> > pilgrim. The patch is for the latest git version.
>
> While this is useful, more generally, you may want to add other
> directories as well. Or be able to modify the bootloader config. So I
> wonder if more accurately what's wanted is really implementing
> --nochroot for %post from the config. That way, you could do whatever
> you want.
>
> The reason against is that it's kind of scary to let an unchroot'd
> script run when creating live CDs as the config may or may not be
> trustable.

Correct me if I'm wrong, but I've always been a bit wary of untrusted or possibly buggy scripts running with root privs even under the chroot. The first example that comes to mind is (perhaps historic) libselinux stuff doing a call to init (in its %post). I'm not a hardcore cracker, so the only thing that comes to mind is shutting down the host build system, but I imagine there are craftier things that could be done. Is this perhaps only relevant if proc and dev are mounted under the chroot?

On a separate note, more related to the parent post, another cool thing I'll bring up again is the idea of including a win32 port of qemu on the iso so that could be winblowz-autorun so that when the livecd is put in a windows system, it boots up to the livecd as well (in a much safer way if it is a semi-trusted custom spin, versus a more trustworthy official spin).

-dmc/jdog

--
Fedora-livecd-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-livecd-list
