On Tue, Apr 14, 2015 at 09:19:12AM -0400, Austin S Hemmelgarn wrote:
> On 2015-04-14 08:28, David Sterba wrote:
> > On Tue, Apr 14, 2015 at 01:44:32PM +0300, Lauri Võsandi wrote:
> >> This patch forces btrfs receive to issue chroot before
> >> parsing the btrfs stream to confine the process and
> >> minimize damage that could be done via malicious
> >> btrfs stream.
> >
> > Thanks.
> >
> > As we've discussed, there are possibly some things to resolve:
> >
> > * chdir("/") after chroot
> > * commandline options to enable/disable chroot, choose the default
> >
> > Receive should work for a non-root user so chroot should be conditional,
> > but I'm not sure if this should be guessed from the UID or if this would
> > be better to specify only by the commandline options.
> >
> > I'll put the patch into a separate branch for now.
>
> Personally, I would expect it to default to not using chroot(), provide
> a commandline option to tell it to do so, and then just catch the error
> from trying to chroot as a non-root user.
Thanks, I agree with that.
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
