Enrico Scholz wrote:
This patch adds a 'koji-helper' setuid program which implements the
following methods:
Methods above are implemented to replace the python 'safe_rmtree()' method,
which was never safe, nor will it work when 'kojid' is running as non-root.
It all depends on what you mean by safe, I suppose. The safe_rmtree
function protects against the destruction of stray mounts underneath the
buildroot. This is a serious risk, though perhaps some folks will not
appreciate how serious until they are debugging a buildroot, add a
mount, and accidentally delete its contents when the buildroot is cleaned.
Your patch seems to remove this protection.
I designed kojid to run as root, and I don't see that as a problem. Many
daemons run as root and kojid has more need of it than most. I do not
like the old mock security model and I consider it flawed. I have no
desire to emulate it in koji.
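Added example, not koji's own safe_rmtree and not the patch under discussion: a Python sketch of the property the reply is defending, a buildroot removal that prunes at mount boundaries so a stray mount under the buildroot keeps its contents. The is_mount parameter is a hypothetical hook so the boundary check can be exercised without a real mount.

```python
import os
import shutil
import tempfile


def safe_rmtree(root, is_mount=os.path.ismount):
    """Remove a buildroot without descending into anything mounted beneath it.

    Returns the list of mount points that were left intact.  `is_mount` is a
    hypothetical injection point (defaults to os.path.ismount) so the mount
    check can be exercised in a test without root privileges.
    """
    root = os.path.abspath(root)
    if is_mount(root):
        raise RuntimeError("refusing to remove a mount point: %s" % root)
    root_dev = os.lstat(root).st_dev
    skipped = []
    dirs_to_remove = []
    for dirpath, dirnames, filenames in os.walk(root):
        keep = []
        for name in dirnames:
            sub = os.path.join(dirpath, name)
            if os.path.islink(sub):
                os.unlink(sub)          # drop the link itself, never follow it
            elif is_mount(sub) or os.lstat(sub).st_dev != root_dev:
                skipped.append(sub)     # mount boundary: leave its contents alone
            else:
                keep.append(name)
        dirnames[:] = keep              # prune so os.walk does not descend further
        for name in filenames:
            os.unlink(os.path.join(dirpath, name))
        dirs_to_remove.append(dirpath)
    # Remove directories deepest-first; any directory still holding a skipped
    # mount point is left standing rather than force-removed.
    for d in reversed(dirs_to_remove):
        if any(s == d or s.startswith(d + os.sep) for s in skipped):
            continue
        os.rmdir(d)
    return skipped


def demo():
    """Constructed scenario: a buildroot whose 'mnt' subdirectory we pretend is
    a mount.  Returns (skipped mounts, files surviving in mnt, usr removed?)."""
    root = tempfile.mkdtemp(prefix="buildroot-")
    os.makedirs(os.path.join(root, "usr", "lib"))
    open(os.path.join(root, "usr", "lib", "libfoo.so"), "w").close()
    mnt = os.path.join(root, "mnt")
    os.mkdir(mnt)
    open(os.path.join(mnt, "important"), "w").close()
    skipped = safe_rmtree(root, is_mount=lambda p: os.path.basename(p) == "mnt")
    result = ([os.path.relpath(s, root) for s in skipped],
              sorted(os.listdir(mnt)),
              not os.path.exists(os.path.join(root, "usr")))
    shutil.rmtree(root)  # real cleanup of the constructed scenario
    return result
```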