So, in dpb, I've been forking a lot of 'chroot -u user /build' to build various things, and it works just great.

I was wondering about the benefits of

    su ${BUILDUSER} -c 'some quoted command'

vs

    chroot -u ${BUILDUSER} / some unquoted command

Superficially, it looks mostly similar. The very nice thing about chroot (IMO) being that you can pass the command verbatim without having to re-quote anything. The other difference being that chroot doesn't fork an extra shell, which might make things more transparent wrt running commands.

I'm also wondering about doas. By default, it's not configured at all. But what would it hurt to allow root usage? Specifically,

    doas -u ${BUILDUSER} some unquoted command

as run by root. This would not open any security hole, would it?

Finally, I'm wondering if people would have any use for a chroot'd option in doas, and whether it's a security issue (again). Like, people have some hardened doas.conf which only allows running some commands as root. Some of these commands are basically game over, as they allow anything to be run, actually. Specifically, /usr/bin/env, or chroot...

Would

    doas -c /rootdir somecmd

be of any use?
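Added example, not part of the original message: a sketch of the re-quoting difference raised above between `su -c` and `chroot -u` / `doas -u`. It assumes `sh -c` as a stand-in for the shell that `su -c` starts and a direct `"$@"` call as a stand-in for a command executed with its argument vector untouched; all function names are hypothetical.

```shell
#!/bin/sh
# Assumption: sh -c models the extra shell behind "su user -c 'string'";
# running "$@" directly models chroot -u / doas -u, which pass argv as-is.

# shquote ARG: print ARG wrapped in single quotes so that a shell
# re-parsing it yields exactly ARG again (embedded ' becomes '\'').
shquote() {
    s=$1
    out=
    while :; do
        case $s in
            *\'*)
                head=${s%%\'*}          # text before the first quote
                out="$out$head'\\''"    # close, escaped quote, reopen
                s=${s#*\'}              # text after the first quote
                ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$out$s"
}

# Verbatim argv: no shell re-parses the arguments.
via_exec() { "$@"; }

# Naive -c string: arguments are joined and parsed again by a shell,
# so word boundaries (and any metacharacters) are reinterpreted.
via_shell_naive() { sh -c "$*"; }

# -c string with every argument re-quoted first: same result as via_exec,
# at the cost of the quoting step and one extra shell process.
via_shell_quoted() {
    cmd=
    for arg in "$@"; do
        cmd="$cmd $(shquote "$arg")"
    done
    sh -c "$cmd"
}

# Constructed sample: each argument is printed followed by a comma.
demo() {
    via_exec         printf '%s,' 'two words' 'x'; echo
    via_shell_naive  printf '%s,' 'two words' 'x'; echo
    via_shell_quoted printf '%s,' 'two words' "it's" '$HOME;x'; echo
}
demo
```

The second line of output shows the argument boundary lost in the `-c` string; the third shows it preserved only because every argument was quoted before the shell saw it.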