[yocto] Change in 'devshell' behaviour
Gary Thomas
gary at mlbassoc.com
Fri Apr 19 07:52:02 PDT 2013
CAUTION!! giant security hole awaits!
I've just discovered that recent Poky/Yocto runs 'devshell' as ROOT!
If I run 'bitbake SOME-RECIPE -c devshell' with a somewhat older
metadata (poky rev 09359e6ec00901abfe49157f1f9730117b4d284b)
the shell is run using my user id.
With a newer poky rev 90b98764555945a186562ca8d501a9585ce2b23f,
the shell runs as 'root'.
This change came with this revision:
commit 4dc31a327be1a506e78e1d028db08ceee22a216f
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu Mar 28 13:17:12 2013 +0000
base.bbclass: When we use fakeroot, also use it for devshell
Its generally useful for devshell to end up in the fakeroot environment. If
a user needs to exit it, PSEUDO_UNLOAD=1 <command> works, its usually
harder to enter the envionment.
[YOCTO #3374]
(From OE-Core rev: e6ffc747a8ca5142c9bc6fbd2b06b5808bb38b02)
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Isn't this a horrible security flaw? Or is 'fakeroot' actually safe?
The change description doesn't tell me why it's "useful".
Whatever the case, to me at least it's very unnerving...
--
------------------------------------------------------------
Gary Thomas | Consulting for the
MLB Associates | Embedded world
------------------------------------------------------------
More information about the yocto
mailing list