On Fri, May 13, 2016 at 10:29:14AM -0700, Martin A. Brown wrote: > >BTW, debomatic doesn't run the build as root... > > From the downloadable debomatic build log, I saw this: > > User Environment > ---------------- > > APT_CONFIG=/var/lib/sbuild/apt.conf > HOME=/sbuild-nonexistent > LC_ALL=POSIX > LOGNAME=root > PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin > SCHROOT_ALIAS_NAME=unstable-amd64-debomatic > SCHROOT_CHROOT_NAME=unstable-amd64-debomatic > SCHROOT_COMMAND=env > SCHROOT_GID=0 > SCHROOT_GROUP=root > > SCHROOT_SESSION_ID=unstable-amd64-debomatic-ec0767d2-2cee-45af-a819-ff581f252f97 > SCHROOT_UID=0 > SCHROOT_USER=root > SHELL=/bin/sh > USER=root > XDG_RUNTIME_DIR=/run/user/0 > XDG_SESSION_ID=c31191 > > When I ran my test suite as the root user on any ol' box, I was able to > reproduce the errors that were showing up in the debomatic build log. So, I > adjusted my test suite and now it succeeds.
o.O this is totally unexpected.
Building as root is a so bad thing.
TBH, my was an assumption, as I've never heard of sbuild running the
build as root, and so assumed debomatic didn't either.
Gianfranco: do you know if this is something new or it always did that?
otherwise I'm going to file a bug for it...
It's just a plain security hole :|
> Sorry to be causing you extra work Mattia, but I do appreciate the support
> from you and Gianfranco.
meh, don't worry for it :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
