Bug#381695: [Buildd-tools-devel] Bug#381695: dchroot: Invades users
privacy in default configuration
Roger Leigh
rleigh at whinlatter.ukfsn.org
Mon Aug 7 15:16:09 UTC 2006
tags 381695 + fixed-upstream pending
thanks
Helge Kreutzmann <debian at helgefjell.de> writes:
>> The reason why the logging is performed is because the schroot service
>> may be used to gain root access (even without a password, if so
>> configured; see root-users and root-groups in schroot.conf(5) and
>> switch users. As a result, the commands being run are logged, just as
>> they are with the su and sudo commands (schroot is implementing their
>> functionality).
>>
>> The attached patch will log the command or shell if:
>>
>> * running as root
>> * switching to root
>> * switching to another user
>>
>> But will not log if
>>
>> * the user is the same (not switching) and is not root
>>
>> Is this acceptable? When running as root, or switching to another
>> user, there are security concerns which make logging advisable.
>
> Yes.
Super. I have committed the patch into SVN.
> Thanks for your speedy reply and quick fix!
You're welcome. The fix will be released with schroot-1.0.2. I'll
release this in about a week (I would like 1.0.1-1 to propagate to
testing first, seeing as this bug is not an urgent issue); until then,
the patch to sbuild/sbuild-session.cc will apply to earlier releases
as well, should you wish to do that.
Thanks for reporting this.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please sign and encrypt your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20060807/14b34ea6/attachment.pgp
More information about the Buildd-tools-devel
mailing list