Bug#508295: debootstrap: doesn't work with proxifiers (tsocks and proxychains)
Colin Watson wrote: On Tue, Dec 09, 2008 at 08:34:03PM +0200, Eugene V. Lyubimkin wrote: One of my machines is behind the corporative proxy (both HTTP and SOCKSv5). For applications that have not built-in proxy support I successfully use either tsocks (SOCKS) or proxychanins proxifiers. They works well with 'bts' or 'reportbug', but debootstrap'ping always silently fail with 'Unable to retrieve Release'. 'strace -e trace=network' doesn't show any relevant info. Please investigate the problem and suggest some solution or even a workaround would be appreciated. How are you invoking debootstrap? The following is a guess: Both tsocks and proxychains appear to operate by setting the LD_PRELOAD environment variable. This environment variable is removed by glibc when executing any set-id program (including sudo, su, etc.) because it is an easy way for a non-root attacker to attack any such set-id program. This is inherent to set-id programs and has nothing to do with debootstrap itself. Unless it's straightforward to start tsocks or proxychains *after* escalating to root, perhaps you might try something like this: sudo env LD_PRELOAD=$LD_PRELOAD debootstrap ... (I agree that this is not obvious. I don't think debootstrap's documentation is a good place to talk about it, though; if this is indeed the problem then I think it should be documented by tsocks and proxychains.) Hello Colin, thanks for suggestion, I will try and report the result. -- Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com Ukrainian C++ developer, Debian Maintainer, APT contributor signature.asc Description: OpenPGP digital signature
Bug#508295: debootstrap: doesn't work with proxifiers (tsocks and proxychains)
On Tue, Dec 09, 2008 at 08:34:03PM +0200, Eugene V. Lyubimkin wrote: One of my machines is behind the corporative proxy (both HTTP and SOCKSv5). For applications that have not built-in proxy support I successfully use either tsocks (SOCKS) or proxychanins proxifiers. They works well with 'bts' or 'reportbug', but debootstrap'ping always silently fail with 'Unable to retrieve Release'. 'strace -e trace=network' doesn't show any relevant info. Please investigate the problem and suggest some solution or even a workaround would be appreciated. How are you invoking debootstrap? The following is a guess: Both tsocks and proxychains appear to operate by setting the LD_PRELOAD environment variable. This environment variable is removed by glibc when executing any set-id program (including sudo, su, etc.) because it is an easy way for a non-root attacker to attack any such set-id program. This is inherent to set-id programs and has nothing to do with debootstrap itself. Unless it's straightforward to start tsocks or proxychains *after* escalating to root, perhaps you might try something like this: sudo env LD_PRELOAD=$LD_PRELOAD debootstrap ... (I agree that this is not obvious. I don't think debootstrap's documentation is a good place to talk about it, though; if this is indeed the problem then I think it should be documented by tsocks and proxychains.) Regards, -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#508295: debootstrap: doesn't work with proxifiers (tsocks and proxychains)
Package: debootstrap Version: 1.0.10 Severity: normal One of my machines is behind the corporative proxy (both HTTP and SOCKSv5). For applications that have not built-in proxy support I successfully use either tsocks (SOCKS) or proxychanins proxifiers. They works well with 'bts' or 'reportbug', but debootstrap'ping always silently fail with 'Unable to retrieve Release'. 'strace -e trace=network' doesn't show any relevant info. Please investigate the problem and suggest some solution or even a workaround would be appreciated. -- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages debootstrap depends on: ii binutils2.18.1~cvs20080103-7 The GNU assembler, linker and bina ii wget1.11.4-2 retrieves files from the web debootstrap recommends no packages. debootstrap suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
