On Sun, 26 Jan 2025 15:17:20 +0100, Lucas Nussbaum wrote: > On 26/01/25 at 01:16 +0100, gregor herrmann wrote: > > I'm totally ignorant wrt this unshare thingy … Does it affect > > ownership of /tmp in any way? > It should not
FWIW, I tried to run the autopkgtests with the unshare backend
yesterday (for the first time :)), and I didn't encounter any
problems.
> > Or might there be some other cause for
> > "Parent directory (/tmp/) is not safe (Directory owned neither by
> > root nor the current user)"?
> No idea
Weird …
> > In any case: Ownership of /tmp seems out of scope for a specific
> > package.
> That's the only package failing in that way
Looks like the code uses a rather rare feature of File::Temp:
lib/SGML/Parser/OpenSP.pm: File::Temp->safe_level(File::Temp::HIGH);
safe_level
Controls the lengths to which the module will go to check the
safety of the temporary file or directory before proceeding.
Options are:
STANDARD
Do the basic security measures to ensure the directory
exists and is writable, that temporary files are opened
only if they do not already exist, and that
possible race conditions are avoided. Finally the
unlink0 function is used to remove files safely.
MEDIUM
In addition to the STANDARD security, the output
directory is checked to make sure that it is owned
either by root or the user running the program. If the
directory is writable by group or by other, it is then
checked to make sure that the sticky bit is set.
Will not work on platforms that do not support the "-k"
test for sticky bit.
HIGH
In addition to the MEDIUM security checks, also check
for the possibility of ``chown() giveaway'' using the
POSIX sysconf() function. If this is a possibility,
each directory in the path is checked in turn for
safeness, recursively walking back to the root
directory.
For platforms that do not support the POSIX
"_PC_CHOWN_RESTRICTED" symbol (for example, Windows NT)
it is assumed that ``chown() giveaway'' is possible and
the recursive test is performed.
This might explain why this kind of failure doesn't appear for other
package but it still leaves the question wyh /tmp has this untypical
ownership (at least that's something the package cannot change).
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-
signature.asc
Description: Digital Signature
