Stephen J. Turnbull wrote:
Andrew Bennetts writes:
No, that just means you shouldn't trust *root*. Which is where a
VM is a very useful tool. You can have the “as root” environment
for your tests without the need to have anything important trust it.
Cameron acknowledges that he
Pretending the snark to be slightly serious: you've missed the point.
The builtbots are building unreliable code, that being the point of the
test suite. Doing unpredictable stuff as root is bad juju.
Running the builtbots and their tests should not be run as root except
for a very few special
Andrew Bennetts writes:
No, that just means you shouldn't trust *root*. Which is where a
VM is a very useful tool. You can have the “as root” environment
for your tests without the need to have anything important trust it.
Cameron acknowledges that he missed that. So maybe he was right
On Oct 7, 2011, at 5:10 AM, Stephen J. Turnbull wrote:
The principle here is ran as root without further explanation is a
litmus test for not bothering about security, even today. It's
worth asking for explanation, or at least a comment that all the
buildbot contributors I've talked to have
On 07Oct2011 06:18, Glyph gl...@twistedmatrix.com wrote:
| On Oct 7, 2011, at 5:10 AM, Stephen J. Turnbull wrote:
|
| The principle here is ran as root without further explanation is a
| litmus test for not bothering about security, even today. It's
| worth asking for explanation, or at least
On Oct 7, 2011, at 6:40 AM, Cameron Simpson wrote:
I think that the build and the tests should be different security
scopes/zones/levels: different users or different VMs. Andrew's
suggestion of a VM-for-tests sounds especially good.
To me, build and test are largely the same function, since
On 07Oct2011 06:50, Glyph gl...@twistedmatrix.com wrote:
| On Oct 7, 2011, at 6:40 AM, Cameron Simpson wrote:
| I think that the build and the tests should be different security
| scopes/zones/levels: different users or different VMs. Andrew's
| suggestion of a VM-for-tests sounds especially
On Oct 7, 2011, at 7:10 AM, Cameron Simpson wrote:
The point here is security, not test coverage: if a procedure is known
to be broken as a regular user, is it not highly unsafe to then run it
as root?
No. As I mentioned previously, any environment where the tests are run should
be isolated
Glyph writes:
Have I left anything out? :-)
Probably. That's the nature of the problem. But you caught enough
that if all our buildbots are set up that way, the Bad Guys' scripts
will probably conclude there's nothing to see here, and move along.
On 10/7/2011 6:18 AM, Glyph wrote:
To sum up what I believe is now the consensus from this thread:
1. Anyone setting up a buildslave should take care to invoke the build
in an environment where an out-of-control buildbot, potentially
executing arbitrarily horrible and/or malicious
On 08/10/2011 00:19, Terry Reedy wrote:
On 10/7/2011 6:18 AM, Glyph wrote:
To sum up what I believe is now the consensus from this thread:
1. Anyone setting up a buildslave should take care to invoke the build
in an environment where an out-of-control buildbot, potentially
executing
On 08Oct2011 01:13, Michael Foord fuzzy...@voidspace.org.uk wrote:
| On 08/10/2011 00:19, Terry Reedy wrote:
| On 10/7/2011 6:18 AM, Glyph wrote:
|
| To sum up what I believe is now the consensus from this thread:
|
| 1. Anyone setting up a buildslave should take care to invoke the build
|
I'd have expect this test to fail on _any_ UNIX system if run as root.
Root's allowed to write to stuff! Any stuff! About the only permission
with any effect on root is the eXecute bit for the exec call, to prevent
blindly running random data files.
You're right, here's another test on Linux
On Oct 5, 2011, at 10:46 PM, Cameron Simpson wrote:
Surely VERY FEW tests need to be run as root, and they need careful
consideration. The whole thing (build, full test suite) should
not run as root.
This is news to me - is most of Python not supported to run as root? I was
under the
On 06Oct2011 04:26, Glyph gl...@twistedmatrix.com wrote:
| On Oct 5, 2011, at 10:46 PM, Cameron Simpson wrote:
| Surely VERY FEW tests need to be run as root, and they need careful
| consideration. The whole thing (build, full test suite) should
| not run as root.
|
| This is news to me - is
On Fri, 7 Oct 2011 08:27:01 +1100
Cameron Simpson c...@zip.com.au wrote:
2: Root _can_ corrupt things anywhere in the system (within the VM, of
course, but the builtbot is a subset of it). A normal unprivileged user
will not have write permission to thing like:
the OS image
On Fri, Oct 07, 2011 at 08:27:01AM +1100, Cameron Simpson wrote:
[…]
| running buildbot tests as root does not reflect the experience of
| non-root users. It seems some tests need to be run both ways just for
| correctness testing.
|
| (except I'd say all, not some)
No. Terry is right
On 07Oct2011 12:46, Andrew Bennetts and...@bemusement.org wrote:
| On Fri, Oct 07, 2011 at 08:27:01AM +1100, Cameron Simpson wrote:
| […]
| | running buildbot tests as root does not reflect the experience of
| | non-root users. It seems some tests need to be run both ways just for
| |
Cameron Simpson wrote:
On 06Oct2011 04:26, Glyph gl...@twistedmatrix.com wrote:
| On Oct 5, 2011, at 10:46 PM, Cameron Simpson wrote:
| Surely VERY FEW tests need to be run as root, and they need careful
| consideration. The whole thing (build, full test suite) should
| not run as root.
|
|
On 07Oct2011 13:42, Steven D'Aprano st...@pearwood.info wrote:
| Cameron Simpson wrote:
| On 06Oct2011 04:26, Glyph gl...@twistedmatrix.com wrote:
| | On Oct 5, 2011, at 10:46 PM, Cameron Simpson wrote:
| | Surely VERY FEW tests need to be run as root, and they need careful
| | consideration.
On Oct 6, 2011, at 10:11 PM, Cameron Simpson wrote:
Hmm. Glyph seemed to be arguing both ways - that everything should be
tested as root, and also that root is not special. I have unease over the
former and disagreement over the latter.
Your reply to Stephen suggests that we are actually in
On 04Oct2011 20:44, Charles-Fran�ois Natali cf.nat...@gmail.com wrote:
| summary:
|Issue #11956: Skip test_import.test_unwritable_directory on FreeBSD when
|
|run as
| root (directory permissions are ignored).
|
| The same directory permission semantics apply to other (all?)
|
On Thu, 6 Oct 2011 10:55:07 +1100
Cameron Simpson c...@zip.com.au wrote:
Equally, why on earth are you running tests as root!?!?!?!?! Madness.
It's as bad as compiling stuff as root etc etc. A bad idea all around,
securitywise.
Especially, I would think, a builtbot. Oh, let's fetch some
On 10/5/2011 8:07 PM, Antoine Pitrou wrote:
On Thu, 6 Oct 2011 10:55:07 +1100
Cameron Simpsonc...@zip.com.au wrote:
Equally, why on earth are you running tests as root!?!?!?!?! Madness.
It's as bad as compiling stuff as root etc etc. A bad idea all around,
securitywise.
Especially, I would
On 05Oct2011 21:33, Terry Reedy tjre...@udel.edu wrote:
| On 10/5/2011 8:07 PM, Antoine Pitrou wrote:
| On Thu, 6 Oct 2011 10:55:07 +1100 Cameron Simpsonc...@zip.com.au wrote:
| Equally, why on earth are you running tests as root!?!?!?!?! Madness.
| It's as bad as compiling stuff as root etc etc.
Cameron Simpson writes:
Am I really the only person who feels unease about this scenario?
No, you are not alone.
Though in practice with all the Welcome, Cracker! boxes out there,
one more less-secure-than-it-could-be VM probably doesn't matter all
that much. More important to Python is
In article e1rb8co-0006fz...@dinsdale.python.org,
charles-francois.natali python-check...@python.org wrote:
http://hg.python.org/cpython/rev/7697223df6df
changeset: 72670:7697223df6df
branch: 3.2
parent: 72658:2484b2b8876e
user:Charles-Fran?ssois Natali neolo...@free.fr
summary:
Issue #11956: Skip test_import.test_unwritable_directory on FreeBSD when
run as
root (directory permissions are ignored).
The same directory permission semantics apply to other (all?)
BSD-derived systems, not just FreeBSD. For example, the test still
fails in the same way on
28 matches
Mail list logo