RFE: Fork Lua scriptlets too #2635

Open
pmatilai opened this issue Aug 29, 2023 · 0 comments
Labels
design Complicated design issue lua Lua bindings/interface v6 Related to rpm v6 (readiness)

pmatilai commented Aug 29, 2023

I could've sworn there is a ticket on this already but can't find it 👀

Currently rpm runs scriptlets in two drastically different ways: the "normal" scriptlets go through fork() + exec() whereas Lua scriptlets run inline in the main rpm process. Not having to exec() is a feature, because it allows Lua to run in the void of an empty chroot, but not forking is a problem as it allows arbitrary scriptlets to mess with rpm configuration and whatnot. Besides being a multi-way security hazard as it is, the "small" difference and the imbalance it creates effectively prevents other enhancements in this area (eg #2617, #2636) and requires a separate Lua-specific API to be maintained for file triggers and whatnot.

@pmatilai pmatilai added lua Lua bindings/interface design Complicated design issue labels Aug 29, 2023
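
The isolation argument in the issue text, as an added example that is not part of the issue or rpm's code: a C callback stands in for an embedded Lua scriptlet, and `cfg_root`, `DEMO_DBPATH` and all function names are hypothetical. It runs the same misbehaving scriptlet forked (without exec()) and inline, then checks whether the host process's state survived.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for host state a scriptlet must not alter. */
static char cfg_root[64];
typedef int (*scriptlet_fn)(void);
static void reset_host_state(void) {
    strcpy(cfg_root, "/");
    umask(022);
    unsetenv("DEMO_DBPATH");
}

/* Constructed misbehaving scriptlet: rewrites config, umask, environment. */
static int misbehaving_scriptlet(void) {
    strcpy(cfg_root, "/tmp/elsewhere");
    umask(0);
    setenv("DEMO_DBPATH", "/tmp/elsewhere/db", 1);
    return 0;
}

/* Inline shares the host's memory; forked without exec() keeps changes in the child. */
static int run_inline(scriptlet_fn fn) { return fn(); }
static int run_forked(scriptlet_fn fn) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn() & 0xff);   /* only the exit status returns */
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 if host state is untouched (umask can only be read by setting it). */
static int host_state_intact(void) {
    mode_t m = umask(022);
    umask(m);
    return strcmp(cfg_root, "/") == 0 && m == 022 && getenv("DEMO_DBPATH") == NULL;
}

int main(void) {
    reset_host_state();
    run_forked(misbehaving_scriptlet);
    printf("after forked run: intact=%d\n", host_state_intact());
    run_inline(misbehaving_scriptlet);
    printf("after inline run: intact=%d\n", host_state_intact());
}
```
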
pmatilai added a commit to pmatilai/rpm that referenced this issue Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality.
Implemented in this initial version are:

- Optional private mounts during scriptlet execution, useful for
  protecting the system from scriptlets (eg /home) and the scriptlets
  from themselves (eg insecure /tmp usage)
- Optionally disable network access during scriptlet execution

Note that at this time, scriptlets executed with the embedded Lua
interpreter are not covered by this because they run inside the main rpm
process instead of forking (rpm-software-management#2635).

Fixes: rpm-software-management#2632
Fixes: rpm-software-management#2665
pmatilai added a commit to pmatilai/rpm that referenced this issue Sep 15, 2023
A plugin is a convenient place to hide Linux-specific functionality.
Implemented in this initial version are:

- Optional private mounts during scriptlet execution, useful for
  protecting the system from scriptlets (eg /home) and the scriptlets
  from themselves (eg insecure /tmp usage)
- Optionally disable network access during scriptlet execution

Note that at this time, scriptlets executed with the embedded Lua
interpreter are not covered by this because they run inside the main rpm
process instead of forking (rpm-software-management#2635).

Suggested-by: Johannes Segitz <[email protected]>

Fixes: rpm-software-management#2632
Fixes: rpm-software-management#2665
@pmatilai pmatilai added the v6 Related to rpm v6 (readiness) label Sep 27, 2023
pmatilai added a commit to pmatilai/rpm that referenced this issue Sep 28, 2023
A plugin is a convenient place to hide Linux-specific functionality.
Implemented in this initial version are:

- Optional private mounts during scriptlet execution, useful for
  protecting the system from scriptlets (eg /home) and the scriptlets
  from themselves (eg insecure /tmp usage)
- Optionally disable network access during scriptlet execution

Note that at this time, scriptlets executed with the embedded Lua
interpreter are not covered by this because they run inside the main rpm
process instead of forking (rpm-software-management#2635).

Add a testcase for private /tmp

Suggested-by: Johannes Segitz <[email protected]>

Fixes: rpm-software-management#2632
Fixes: rpm-software-management#2665
pmatilai added a commit to pmatilai/rpm that referenced this issue Oct 9, 2023
A plugin is a convenient place to hide Linux-specific functionality.
Implemented in this initial version are:

- Optional private mounts during scriptlet execution, useful for
  protecting the system from scriptlets (eg /home) and the scriptlets
  from themselves (eg insecure /tmp usage)
- Optionally disable network access during scriptlet execution

Note that at this time, scriptlets executed with the embedded Lua
interpreter are not covered by this because they run inside the main rpm
process instead of forking (rpm-software-management#2635).

Add a testcase for private /tmp

Suggested-by: Johannes Segitz <[email protected]>

Fixes: rpm-software-management#2632
Fixes: rpm-software-management#2665
pmatilai added a commit that referenced this issue Oct 11, 2023
A plugin is a convenient place to hide Linux-specific functionality.
Implemented in this initial version are:

- Optional private mounts during scriptlet execution, useful for
  protecting the system from scriptlets (eg /home) and the scriptlets
  from themselves (eg insecure /tmp usage)
- Optionally disable network access during scriptlet execution

Note that at this time, scriptlets executed with the embedded Lua
interpreter are not covered by this because they run inside the main rpm
process instead of forking (#2635).

Add a testcase for private /tmp

Suggested-by: Johannes Segitz <[email protected]>

Fixes: #2632
Fixes: #2665
@pmatilai pmatilai self-assigned this Oct 25, 2023
@dmnks dmnks assigned dmnks and unassigned pmatilai and dmnks Mar 4, 2024