Re: fakeroot status

[Marcus Brinkmann]

On Sun, May 12, 2002 at 07:40:05PM -0400, Roland McGrath wrote:
> That makes sense.  Indeed, fakeroot is netfs so it exec's by accessing the
> underlying node the same way exec'ing on nfs accesses the remote file.
> It's fshelp_exec_reauth trying the makeauth call that rightly fails since
> fakeroot's auth port is not root.  
> 
> There are a few different ways to attack this:
> 
> 1. Override netfs_S_file_exec to just pass it through.  Then a setuid exec
>    will be a real setuid exec and will escape from the fakeroot and
>    fakeauth universes entirely.  This is the behavior of Linux fakeroot,
>    since it does nothing special for exec and LD_PRELOAD is ignored by
>    setuid executables.

Mmh, how is this done correctly?  I have implemented the netfs_S_file_exec
pass-through, which works for suid programs, but not for scripts:
If the program is a script, the file_exec call will dead lock, because exec
tries to lock up the file node while it is locked in netfs_S_file_exec. 
However, if I don't lock the node, I get "/dev/fd/3: Bad file descriptor".
It might be that not locking is the right thing to do, and the BADFD error
is a distinct one.

To allow a comparison:  Without overriding netfs_S_dir_lookup, programs and
scripts work, but not suid programs.

There is another problem with fakeroot, and that is chmod.  It doesn't work
at all :)  I always get EOPNOTSUPP.  Your comment:

   Unlike the normal Unix
   and Hurd meaning of chmod, this function is also used to attempt to
   change files into other types.  If such a transition is attempted which
   is impossible, then return EOPNOTSUPP.  */

But I could not find where this happens, and in fact it leads to a situation
where any chmod fails, because chmod usually does not involve any of the
S_IFMT bits.  Eg, a normal chmod 0755 fails.

I changed it this way: I removed the EOPNOTSUPP check, and replaced it with:
mode &= ~(S_IFMT | S_ISPARE | S_ITRANS);

Then the file_chmod call with have a sane mode value, too.  And then I
merged it in:

np->nn_stat.st_mode = (np->nn_stat.st_mode & (S_IFMT | S_ISPARE | S_ITRANS))
    | mode;

This worked seamlessly.

With all those hacks and work arounds, disabling file_exec pass-through to
fix scripts (I didn't need suid binaries in this test), replacing EOPNOTSUPP
with ENOTDIR in the attempt_lookup function and the chmod fixes, and the fix
for fakeauth I just checked in, I was finally able to build a small Debian
package with

dpkg-buildpackage -rfakeroot -B

and the files ended up being owned by root in the package, and with correct
permissions.  So we are getting there! 

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de