[PATCH 7/9] Set $PROFILE and $PBUILDER_ROOT to null
Loïc Minier
lool at dooz.org
Sat Jan 23 19:15:14 UTC 2010
On Sat, Jan 23, 2010, Osamu Aoki wrote:
> > > +PBUILDER_ROOT=""
> > > +PROFILE=""
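Review bot: the two unconditional assignments `PBUILDER_ROOT=""` and `PROFILE=""` have no comment explaining why inherited values are discarded, and as written they overwrite anything the caller exported. If the intent is that the entry points must not trust the caller's environment, a one-line comment above the assignments should say so. If the test suite still needs to set these, it would be better to give it an explicit override path than to leave that case undecided.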
> > This doesn't seem to make it possible to override these from the
> > testsuite anymore.
> Do you think command which does sudo to change its behavior based on
> environment variable and source random code to be OK?
>
> I have no problem /usr/lib/pbuilder/foo to change behavior. But I did
> not /usr/bin/pdebuild or /usr/sbin/pbuilder to change their behavior.
>
> This security concern was rationale behind this. But since other
> variables also need to be initialized, this may not be meaningful.
There are no end of security issues with pbuilder; if you grant users
the right to run pbuilder, they get the right to build any code and
install any build-deps. The only barrier is who do you allow to use
sudo to root (for pbuilder). There are other bug reports where this is
discussed. I don't think chroots are a safe enough container for
privilege separations, but they are convenient.
--
Loïc Minier