* [gentoo-dev] Sandbox suggestion
From: Joshua Pollak @ 2001-12-11 4:51 UTC
To: gentoo-dev
Hi,
Just wondering, but I had a suggestion for the dynamic bash ebuild: Rather
than replacing the static bash and moving the static bash to /bin/sbash
(shouldn't that be /sbin/sbash?) anyway, why not just install the new shell
to /bin/dyn-bash or dbash or something, and make the sandbox scripts call
everything via that shell?
I'm not sure if that's technically possible or not, but it seemed like it
would make a lot of things simpler, and reduce the risk of sysadmins messing
something up.
* Re: [gentoo-dev] Sandbox suggestion
From: Geert Bevin @ 2001-12-11 9:05 UTC
To: gentoo-dev
Because then any script that refers to /bin/bash during the installation
process uses the static bash, while the purpose is that the dynamic bash
is used. Of course all the scripts could be patched, but then the use of
the sandbox gets quite a bit devaluated.
Joshua Pollak wrote:
>Hi,
>
>Just wondering, but I had a suggestion for the dynamic bash ebuild: Rather
>than replacing the static bash and moving the static bash to /bin/sbash
>(shouldn't that be /sbin/sbash?) anyway, why not just install the new shell
>to /bin/dyn-bash or dbash or something, and make the sandbox scripts call
>everything via that shell?
>
>I'm not sure if that's technically possible or not, but it seemed like it
>would make a lot of things simpler, and reduce the risk of sysadmins messing
>something up.
* Re: [gentoo-dev] Sandbox suggestion
From: Joshua Pollak @ 2001-12-11 16:22 UTC
To: gentoo-dev
On Tuesday 11 December 2001 4:05, you wrote:
> Because then any script that refers to /bin/bash during the installation
> process uses the static bash, while the purpose is that the dynamic bash
> is used. Of course all the scripts could be patched, but then the use of
> the sandbox gets quite a bit devaluated.
Fair enough.
>
> Joshua Pollak wrote:
> >Hi,
> >
> >Just wondering, but I had a suggestion for the dynamic bash ebuild: Rather
> >than replacing the static bash and moving the static bash to /bin/sbash
> >(shouldn't that be /sbin/sbash?) anyway, why not just install the new
> > shell to /bin/dyn-bash or dbash or something, and make the sandbox
> > scripts call everything via that shell?
> >
> >I'm not sure if that's technically possible or not, but it seemed like it
> >would make a lot of things simpler, and reduce the risk of sysadmins
> > messing something up.
* Re: [gentoo-dev] Sandbox suggestion
From: Zach Forrest @ 2001-12-11 18:04 UTC
To: gentoo-dev
What about installing dyn-bash into something like
/usr/lib/sandbox/bin/bash, and then pre-pending this to $PATH before
beginning and restoring the original $PATH afterwards?
Zach
Joshua Pollak wrote:
> On Tuesday 11 December 2001 4:05, you wrote:
>
>>Because then any script that refers to /bin/bash during the installation
>>process uses the static bash, while the purpose is that the dynamic bash
>>is used. Of course all the scripts could be patched, but then the use of
>>the sandbox gets quite a bit devaluated.
>>
>
> Fair enough.
>
>
>>Joshua Pollak wrote:
>>
>>>Hi,
>>>
>>>Just wondering, but I had a suggestion for the dynamic bash ebuild: Rather
>>>than replacing the static bash and moving the static bash to /bin/sbash
>>>(shouldn't that be /sbin/sbash?) anyway, why not just install the new
>>>shell to /bin/dyn-bash or dbash or something, and make the sandbox
>>>scripts call everything via that shell?
>>>
>>>I'm not sure if that's technically possible or not, but it seemed like it
>>>would make a lot of things simpler, and reduce the risk of sysadmins
>>>messing something up.
* Re: [gentoo-dev] Sandbox suggestion
From: Geert Bevin @ 2001-12-11 18:23 UTC
To: gentoo-dev
most scripts refer to bash like this
#!/bin/bash
putting another one in the path doesn't work around this at all
On Tue, 2001-12-11 at 19:04, Zach Forrest wrote:
> What about installing dyn-bash into something like
> /usr/lib/sandbox/bin/bash, and then pre-pending this to $PATH before
> beginning and restoring the original $PATH afterwards?
--
Geert Bevin
the Leaf sprl/bvba
"Use what you need" Pierre Theunisstraat 1/47
http://www.theleaf.be 1030 Brussels
gbevin@theleaf.be Tel & Fax +32 2 241 19 98
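
Geert Bevin's point about `#!/bin/bash` in the message above, as an added example that is not part of the original thread: an absolute shebang is resolved by the kernel without consulting `$PATH`, so only scripts that locate their interpreter through `env` pick up a substitute placed earlier in the path. The temporary directory and the stand-in `sandbox/bin/sh` wrapper are constructed for the demo and use `sh` in place of bash.

```shell
#!/bin/sh
# Constructed demo: does prepending a directory to $PATH change which
# interpreter runs a script? Everything lives in a temp dir. The stand-in
# "sandbox" sh below is hypothetical; it plays the role of the dynamic bash.

demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    mkdir -p "$DEMO_DIR/sandbox/bin"

    # Stand-in interpreter: tags the environment, then hands over to /bin/sh.
    printf '%s\n' '#!/bin/sh' \
        'SANDBOXED=yes; export SANDBOXED' \
        'exec /bin/sh "$@"' > "$DEMO_DIR/sandbox/bin/sh"

    # Script 1: absolute shebang, the common case named in the thread.
    printf '%s\n' '#!/bin/sh' \
        'echo "${SANDBOXED:-no}"' > "$DEMO_DIR/abs.sh"

    # Script 2: interpreter resolved through $PATH by env(1).
    printf '%s\n' '#!/usr/bin/env sh' \
        'echo "${SANDBOXED:-no}"' > "$DEMO_DIR/env.sh"

    chmod +x "$DEMO_DIR/sandbox/bin/sh" "$DEMO_DIR/abs.sh" "$DEMO_DIR/env.sh"
}

# Run a script with the sandbox directory first in $PATH and print "yes"
# if the stand-in interpreter was used, "no" if it was bypassed.
run_with_sandbox_path() {
    (
        unset SANDBOXED
        PATH="$DEMO_DIR/sandbox/bin:$PATH" "$1"
    )
}

demo_cleanup() {
    rm -rf "$DEMO_DIR"
}

demo_setup
echo "absolute shebang -> sandboxed: $(run_with_sandbox_path "$DEMO_DIR/abs.sh")"
echo "env shebang      -> sandboxed: $(run_with_sandbox_path "$DEMO_DIR/env.sh")"
demo_cleanup
```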
* Re: [gentoo-dev] Sandbox suggestion
From: Joshua Pollak @ 2001-12-11 19:21 UTC
To: gentoo-dev
On Tuesday 11 December 2001 1:23, you wrote:
> most scripts refer to bash like this
>
> #!/bin/bash
>
> putting another one in the path doesn't work around this at all
Perhaps gentoo policy could be to make ebuilds reference:
#!/bin/ebuild-bash
which by default would be a sym-link to bash, but on a sandbox system would
have the dynamic bash in place?
I don't know how much of an issue using the wrong shell is, I don't know how
often people will encounter problems, but I do know that when bash got
version skewed (or something) on my Debian system, it was a nightmare.
* Re: [gentoo-dev] Sandbox suggestion
From: Geert Bevin @ 2001-12-11 19:25 UTC
To: gentoo-dev
>
>
>Perhaps gentoo policy could be to make ebuilds reference:
>
>#!/bin/ebuild-bash
>
>which by default would be a sym-link to bash, but on a sandbox system would
>have the dynamic bash in place?
>
The problem is not the ebuilds, it's the shell scripts that are
distributed along with source packages.
>I don't know how much of an issue using the wrong shell is, I don't know how
>often people will encounter problems, but I do know that when bash got
>version skewed (or something) on my Debian system, it was a nightmare.
>
Having a dynamic bash is not really a problem, most distributions do it.
The only problem is cleanly updating glibc, ncurses, readline libraries
without segfaulting the dyn bash. It's on my todo to find a solution for
this, but currently I'm living with a half crashed hd at home and
awaiting the replacement before I can really resume the development.
* Re: [gentoo-dev] Sandbox suggestion
From: Zach Forrest @ 2001-12-11 19:40 UTC
To: gentoo-dev
> which by default would be a sym-link to bash, but on a sandbox system would
> have the dynamic bash in place?
Another (rough) idea, would be to install bash to /bin/sbash and
dyn-bash to /bin/dbash. /bin/bash would then be an executable script.
When installing a package, sandbox sets $DYNBASH to something, telling
the script to use dbash. When done, simply unset $DYNBASH, and, like
magic, the script then calls sbash. Feedback?
* Re: [gentoo-dev] Sandbox suggestion
From: Daniel Robbins @ 2001-12-11 20:04 UTC
To: gentoo-dev
On Tue, Dec 11, 2001 at 02:21:12PM -0500, Joshua Pollak wrote:
> On Tuesday 11 December 2001 1:23, you wrote:
> > most scripts refer to bash like this
> >
> > #!/bin/bash
> >
> > putting another one in the path doesn't work around this at all
>
> Perhaps gentoo policy could be to make ebuilds reference:
>
> #!/bin/ebuild-bash
Hi,
We really don't need to be discussing this issue; sandboxing is only
for testing at the moment, and when it is integrated into Portage,
we'll take care of resolving these issues.
Best Regards,
--
Daniel Robbins <drobbins@gentoo.org>
Chief Architect/President http://www.gentoo.org
Gentoo Technologies, Inc.
* Re: [gentoo-dev] Sandbox suggestion
From: Zach Forrest @ 2001-12-11 20:16 UTC
To: gentoo-dev
Where is the best place to discuss testing type issues?
Daniel Robbins wrote:
> On Tue, Dec 11, 2001 at 02:21:12PM -0500, Joshua Pollak wrote:
>
>>On Tuesday 11 December 2001 1:23, you wrote:
>>
>>>most scripts refer to bash like this
>>>
>>>#!/bin/bash
>>>
>>>putting another one in the path doesn't work around this at all
>>>
>>Perhaps gentoo policy could be to make ebuilds reference:
>>
>>#!/bin/ebuild-bash
>>
>
> Hi,
>
> We really don't need to be discussing this issue; sandboxing is only
> for testing at the moment, and when it is integrated into Portage,
> we'll take care of resolving these issues.
>
> Best Regards,
>
>
* Re: [gentoo-dev] Sandbox suggestion
From: Daniel Robbins @ 2001-12-11 20:17 UTC
To: gentoo-dev
On Tue, Dec 11, 2001 at 12:16:35PM -0800, Zach Forrest wrote:
> Where is the best place to discuss testing type issues?
> >>Perhaps gentoo policy could be to make ebuilds reference:
> >>
> >>#!/bin/ebuild-bash
What you are suggesting is not a "testing type" issue. If you'd like to
discuss the current implementation of path sandboxing, this is the place. But
we will handle the integration of sandboxing into Gentoo Linux proper,
including all the sub-issues that this raises.
Best Regards,
--
Daniel Robbins <drobbins@gentoo.org>
Chief Architect/President http://www.gentoo.org
Gentoo Technologies, Inc.