Control: reassign -1 pbuilder 0.225
Control: affects -1 cowbuilder cowdancer

Hi Emilio,

> On 19 Jul 2016, at 21:31, Emilio Pozuelo Monfort <[email protected]> wrote:
>
> Package: cowbuilder
> Version: 0.80
> Severity: grave
> Tags: security

Agreed.

> I enabled eatmydata by adding EATMYDATA=eatmydata to my ~/.pbuilderrc,
> and the result is that copy-on-write no longer works, making any modifications
> persistent:
>
> eatmydata enabled
>
> emilio@tatooine:~$ sudo cowbuilder --login
> root@tatooine:/# echo asdf > /etc/apt/sources.list
> root@tatooine:/# logout
> emilio@tatooine:~$ sudo cowbuilder --login
> root@tatooine:/# cat /etc/apt/sources.list
> asdf

Confirmed. And an echo $LD_PRELOAD will show only libeatmydata.

> Note how it has overwritten sources.list even though --save-after-login
> wasn't passed. It also overwrites files during a package build, which
> is a big problem.
>
> Now, with eatmydata disabled:
>
> First, restore sources.list:
>
> emilio@tatooine:~$ sudo cowbuilder --login --save-after-login
> root@tatooine:/# cat /etc/apt/sources.list
> asdf
> root@tatooine:/# echo "deb http://ftp.es.debian.org/debian/ unstable main" >
> /etc/apt/sources.list
> root@tatooine:/# logout
>
> It is restored. Now, let's try to overwrite it without --save-after-login:
>
> emilio@tatooine:~$ sudo cowbuilder --login
> root@tatooine:/# cat /etc/apt/sources.list
> deb http://ftp.es.debian.org/debian/ unstable main
> root@tatooine:/# echo asdf > /etc/apt/sources.list
> root@tatooine:/# logout
> emilio@tatooine:~$ sudo cowbuilder --login
> root@tatooine:/# cat /etc/apt/sources.list
> deb http://ftp.es.debian.org/debian/ unstable main
> root@tatooine:/#
>
> It isn't overwritten.

Turns out this is a pbuilder bug. When EATMYDATA=yes, it overwrites its
CHROOTEXEC variable to just be a plain "chroot $BUILDPLACE eatmydata", and so
cowbuilder’s cow-shell that adds libcowdancer to LD_PRELOAD is not executed.

Fix incoming.

Regards,
James
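The symptom confirmed above (LD_PRELOAD showing only libeatmydata) can be turned into a guard that refuses to touch a cowbuilder base when libcowdancer is not preloaded. This is an added example, not part of the original message and not pbuilder or cowbuilder code; the function names, the sample LD_PRELOAD values and the idea of calling it from a script run inside the chroot are assumptions.

```shell
#!/bin/sh
# Added example: detect a chroot session that lost copy-on-write protection
# because libcowdancer is missing from LD_PRELOAD.

# has_cow_preload LIST
# LIST is an LD_PRELOAD-style value; entries may be separated by colons or
# whitespace. Returns 0 if any entry's file name is libcowdancer.so (with or
# without a version suffix), 1 otherwise (including an empty list).
has_cow_preload() {
    _list=$1
    _old_ifs=$IFS
    IFS=$(printf ': \t')
    set -f                      # no globbing while splitting the list
    for _entry in $_list; do
        case "${_entry##*/}" in
            libcowdancer.so|libcowdancer.so.*)
                set +f; IFS=$_old_ifs
                return 0 ;;
        esac
    done
    set +f
    IFS=$_old_ifs
    return 1
}

# require_cow [LIST]
# Checks LIST, or the current LD_PRELOAD when no argument is given, and
# returns non-zero with a message when copy-on-write would not be active.
require_cow() {
    _value=${1-${LD_PRELOAD-}}
    if has_cow_preload "$_value"; then
        echo "ok: libcowdancer is preloaded"
    else
        echo "refusing to continue: libcowdancer missing from LD_PRELOAD ('$_value')" >&2
        return 1
    fi
}

# Constructed sample values, not captured from a real session.
SAMPLE_BROKEN='libeatmydata.so'
SAMPLE_WORKING='/usr/lib/cowdancer/libcowdancer.so libeatmydata.so'

for _sample in "$SAMPLE_BROKEN" "$SAMPLE_WORKING"; do
    require_cow "$_sample" || true
done
```

Called without an argument, `require_cow` inspects the live LD_PRELOAD of the shell it runs in, so it only reports on the environment of that process.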

