On Friday 24 October 2008 04:21:29 Bernhard Reutner-Fischer wrote:
> A patch was in this thread:
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg16297.html
>
> Rob promised to respin it tomorrow and resend it in to the list.
> thanks

The debian bug report in question is:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415996

I checked and the old patch still applies cleanly (well, with an offset, but 
no fuzz).  I applied it and then did an svn diff, the result of which is 
attached.  (As with all svn diffs, it applies with "patch -p0 -i blah.patch")

It's actually a very simple patch, which does this:

A) Teach qemu-$TARGET to do a chdir() plus chroot() in response to a -chroot 
command line option.

B) Because A) requires root access, teach qemu-$TARGET to change uid and gid 
via a -su option (and set both the real and effective user IDs so it's 
actually dropping privileges).

C) Add error handling if any of the above fails.  (I.E. I check the return 
code so that if you _don't_ drop privs I'm not introducing a security hole.)

D) Add help text entries describing the new options.

The only objection to the original patch was that there's one case it doesn't 
cover; if the emulated process does an "exec" of another target binary, qemu 
doesn't handle that:
http://www.mail-archive.com/qemu-devel%40nongnu.org/msg16496.html

In my opinion this boils down to "qemu doesn't do something before this patch, 
and still doesn't do it afterwards either".  That's really a separate issue, 
which can be addressed later if necessary.

Rob

P.S.  I note that I did _not_ check to make sure that "qemu-arm -su" actually 
has an argument after it to avoid a segfault, but 
then "qemu-arm -cpu", "qemu-arm -s", "qemu-arm -g"  and so on all segfault in 
exactly the same way, so that's another separate issue if anybody cares.
Index: linux-user/main.c
===================================================================
--- linux-user/main.c	(revision 5527)
+++ linux-user/main.c	(working copy)
@@ -2186,6 +2186,10 @@
            "-cpu model        select CPU (-cpu ? for list)\n"
            "-drop-ld-preload  drop LD_PRELOAD for target process\n"
            "\n"
+           "Root options:\n"
+           "-chroot dir       chroot to dir\n"
+           "-su uid:gid       set numeric user and group IDs\n"
+           "\n"
            "Debug options:\n"
            "-d options   activate log (logfile=%s)\n"
            "-p pagesize  set the host page size to 'pagesize'\n"
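
Review bot: the new "Root options:" help text doesn't say that option order matters. The chroot() and setres*id() calls run inline as each option is parsed, so "-su" given before "-chroot" drops root first and the chroot then fails; the help should state that -chroot must precede -su. The "-su uid:gid" line also reads as if the gid is mandatory, while the parsing code treats ":gid" as optional; either document it as "uid[:gid]" or make the code require it.
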
@@ -2301,6 +2305,28 @@
             drop_ld_preload = 1;
         } else if (!strcmp(r, "strace")) {
             do_strace = 1;
+        } else if (!strcmp(r, "chroot")) {
+            if (chdir(argv[optind++]) || chroot(".")) {
+                fprintf(stderr, "Can't chroot to '%s' (are you root?)\n",
+                    argv[--optind]);
+                _exit(1);
+            }
+        } else if (!strcmp(r, "su")) {
+            int temp;
+            char *gid = strchr(argv[optind], ':');
+            if (gid) {
+                temp = atoi(++gid);
+                if (setresgid(temp, temp, temp)) {
+                    fprintf(stderr, "Can't set gid to %d (are you root?)\n",
+                        temp);
+                    _exit(1);
+                }
+           }
+           temp = atoi(argv[optind++]);
+           if (setresuid(temp, temp, temp)) {
+               fprintf(stderr, "Can't set uid to %d (are you root?)\n", temp);
+               _exit(1);
+           }
         } else
         {
             usage();
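
Review bot: atoi() in the "su" branch cannot tell a malformed argument from 0, so a non-numeric value such as "-su nobody" ends up as setresuid(0, 0, 0), which succeeds for root and leaves qemu running fully privileged with no error printed. Parse both fields with strtoul() and reject input that has no digits or has trailing characters other than the ':' separator. Two related gaps in the same branch: when no ":gid" is present the group IDs are left untouched, and there is no setgroups() call before setresgid(), so supplementary groups inherited from root survive the uid change. Both the "chroot" and "su" branches also use argv[optind] without checking it for NULL.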
