On Thu, 2007-06-28 at 14:08 -0700, Jane Dogalt wrote:
--- Jeremy Katz <katzj(a)redhat.com> wrote:
> On Tue, 2007-06-26 at 08:45 +0200, Alexandre Magaz Graça wrote:
> > I'm making a LiveCD that I want to autorun (from Windows and Linux) to
> > open a browser showing some help about how it works. So I added a new
> > option that lets add to the CD root file system.
> >
> > If someone finds it useful, the attached patch adds this option to
> > pilgrim. The patch is for the latest git version.
>
> While this is useful, more generally, you may want to add other
> directories as well. Or be able to modify the bootloader config. So I
> wonder if more accurately what's wanted is really implementing
> --nochroot for %post from the config. That way, you could do whatever
> you want.
>
> The reason against is that it's kind of scary to let an unchroot'd
> script run when creating live CDs as the config may or may not be
> trustable.

Correct me if I'm wrong, but I've always been a bit wary of untrusted
or possibly buggy scripts running with root privs even under the
chroot. The first example that comes to mind is (perhaps historic)
libselinux stuff doing a call to init (in its %post). I'm not a
hardcore cracker, so the only thing that comes to mind is shutting down
the host build system, but I imagine there are craftier things that
could be done. Is this perhaps only relevant if proc and dev are
mounted under the chroot?

Oh, there are definitely things that can be done as is. It's more a
matter of what the chances of pain/problems are.
Jeremy
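
The question above about proc and dev being mounted under the chroot can be checked on a build host before %post scripts run. This is an added example, not code from the thread or from the live CD tooling: it parses text in /proc/mounts format and lists mounts beneath a build root that expose the host's proc, dev or sys. The function names and all sample paths are constructed for illustration.

```python
import os

KERNEL_FS = {"proc", "sysfs", "devtmpfs", "devpts"}  # expose host kernel state
HOST_DIRS = {"proc", "dev", "sys"}  # also catches a bind-mounted tmpfs /dev

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def host_exposure(mounts_text, build_root):
    """List (path inside build_root, fstype) for mounts exposing the host."""
    root = os.path.normpath(build_root)
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        target, fstype = os.path.normpath(_unescape(parts[1])), parts[2]
        # Require a path separator after the root so a sibling directory such
        # as "install_root-old" is not mistaken for something inside it.
        if not target.startswith(root + os.sep):
            continue
        inside = target[len(root):]
        if fstype in KERNEL_FS or inside.split(os.sep)[1] in HOST_DIRS:
            findings.append((inside, fstype))
    return findings

# Constructed sample in /proc/mounts format; every path is made up.
SAMPLE = r"""/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/loop0 /var/tmp/livecd-ab12/install_root ext3 rw 0 0
proc /var/tmp/livecd-ab12/install_root/proc proc rw 0 0
tmpfs /var/tmp/livecd-ab12/install_root/dev tmpfs rw 0 0
proc /var/tmp/livecd-ab12/install_root-old/proc proc rw 0 0
sysfs /var/tmp/live\040cd/install_root/sys sysfs rw 0 0
"""

if __name__ == "__main__":
    for path, fstype in host_exposure(SAMPLE, "/var/tmp/livecd-ab12/install_root"):
        print(f"host-visible mount inside build root: {path} ({fstype})")
```

On a real build host, pass the contents of /proc/mounts and the actual install root instead of the sample.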