I'd like some help testing this package I have been writing for maintaining an i686 chroot on x86_64.

My biggest concern is that I had to rewrite fw32-run in C, with SETUID, so it could work without sudo and still know who was executing it. This is needed so it can mount the user's home directory in the chroot via binding with mount and then drop root permissions inside to the proper user's permission levels. I'm not entirely sure I wrote it correctly to avoid the obvious security holes, because I'm not that familiar with low-level Linux system calls. I'm used to shell programs doing it for me.

And yes, I tried using SETUID with shell scripts. It simply does not work. Linux refuses to honor SETUID on interpreted executables. It will only work on true binaries.

You can review the C source code for it yourself if you want. Thoughts?
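For reference when reviewing the privilege drop described in the message above, here is an added example (not taken from fw32-run or from the original post) of the usual order for a setuid-root helper: supplementary groups, then GID, then UID, then a check that root cannot be regained. The names drop_privileges and ids_match are hypothetical, and the bind mount and chroot are assumed to have run before the drop.

```c
#define _DEFAULT_SOURCE   /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the real and effective IDs all equal the target, else 0. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/*
 * Permanently drop from root to uid/gid (hypothetical helper).
 * Order matters: groups and GID go first, because after setuid() the
 * process no longer has the privilege to change them.
 * Returns 0 on success, or a negative code naming the step that failed.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;              /* target is still root: refuse */
    /* Clear root's supplementary groups; initgroups() would instead
       load the user's own groups from the group database. */
    if (setgroups(1, &gid) != 0)
        return -2;
    if (setgid(gid) != 0)       /* as root: real, effective and saved GID */
        return -3;
    if (setuid(uid) != 0)       /* as root: real, effective and saved UID */
        return -4;
    /* Verify the IDs changed and the saved UID cannot restore root. */
    if (!ids_match(uid, gid) || setuid(0) == 0 || seteuid(0) == 0)
        return -5;
    return 0;
}

int main(void)
{
    /* In a setuid-root binary the real IDs identify the invoking user. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    int rc = drop_privileges(uid, gid);
    if (rc != 0) {
        fprintf(stderr, "privilege drop failed at step %d\n", rc);
        return 1;               /* never continue with root privileges */
    }
    printf("running as uid=%d gid=%d\n", (int)uid, (int)gid);
    return 0;
}
```

Every return value is checked because a setuid() that fails silently leaves the rest of the program running as root.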
