Thank you for reporting a bug in Ubuntu. I'm not following your
reasoning. Chroots are not designed to provide a security barrier for
root processes, so, like you say, a root process can break out. However,
typical usage of sbuild is with schroot and packages that are built in
the chroot should not be running as root. Therefore a user in the
schroot should not be able to gain root in the manner described unless
the chroot is misconfigured -- can you provide specifics? All that said,
building untrusted packages means running untrusted code and a chroot
should not necessarily be relied on for security (one can use
snapshotted or throwaway virtual machines for this sort of thing).

** Changed in: sbuild (Ubuntu)
       Status: New => Incomplete

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1010787
Title:
Process building package can escape from chroot and gain local root