From 9e611d87cd95999eb6b3e5e7f6c855f7c092f57c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 21 Nov 2014 15:55:27 -0400 Subject: add debootstrap parameters --- src/Propellor/Property/Debootstrap.hs | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'src/Propellor/Property/Debootstrap.hs') diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs index 5f521c32..747662c5 100644 --- a/src/Propellor/Property/Debootstrap.hs +++ b/src/Propellor/Property/Debootstrap.hs @@ -1,5 +1,6 @@ module Propellor.Property.Debootstrap ( Url, + DebootstrapConfig(..), built, installed, programPath, @@ -18,6 +19,27 @@ import System.Posix.Directory type Url = String +-- | A monoid for debootstrap configuration. +-- mempty is a default debootstrapped system. +data DebootstrapConfig + = DefaultConfig + | MinBase + | BuilddD + | DebootstrapParam String + | DebootstrapConfig :+ DebootstrapConfig + deriving (Show) + +instance Monoid DebootstrapConfig where + mempty = DefaultConfig + mappend = (:+) + +toParams :: DebootstrapConfig -> [CommandParam] +toParams DefaultConfig = [] +toParams MinBase = [Param "--variant=minbase"] +toParams BuilddD = [Param "--variant=buildd"] +toParams (DebootstrapParam p) = [Param p] +toParams (c1 :+ c2) = toParams c1 <> toParams c2 + -- | Builds a chroot in the given directory using debootstrap. -- -- The System can be any OS and architecture that debootstrap @@ -28,8 +50,8 @@ type Url = String -- -- Note that reverting this property does not stop any processes -- currently running in the chroot. -built :: FilePath -> System -> [CommandParam] -> RevertableProperty -built target system@(System _ arch) extraparams = +built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty +built target system@(System _ arch) config = RevertableProperty setup teardown where setup = check (unpopulated target <||> ispartial) setupprop 
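Review bot: `DebootstrapParam String` in the new `DebootstrapConfig` type is an unchecked escape hatch: `toParams` turns it into `Param p` verbatim, and the later hunk at `@@ -44,7 +66,7 @@` places those parameters ahead of `--arch`, the suite and the target. A value that does not start with `-` would therefore shift debootstrap's positional arguments, and an option such as `--no-check-gpg` would switch off archive signature checking for the whole chroot without anything in the type showing it. I would document that on the constructor, e.g. `-- ^ Passed to debootstrap unmodified; the caller is responsible for what it enables or disables.`, and give the other constructors `-- ^` comments as well. Combining `MinBase <> BuilddD` also emits two `--variant=` options, so which one takes effect is left to debootstrap, and `BuilddD` looks like a typo for `Buildd` that becomes public API through the `DebootstrapConfig(..)` export.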
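Review bot: The Haddock above `built`, as far as it is visible in the `@@ -28,8 +50,8 @@` hunk, is unchanged and does not mention the new third argument. A sentence such as `-- The DebootstrapConfig selects the variant and any extra debootstrap parameters; mempty builds a default system.` would tell callers what to pass. The type change from `[CommandParam]` to `DebootstrapConfig` also breaks any existing caller that passed a parameter list, so it is worth saying in the commit message that `DebootstrapParam` is the migration path. The body of `built` continues outside this hunk.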
@@ -44,7 +66,7 @@ built target system@(System _ arch) extraparams = suite <- case extractSuite system of Nothing -> errorMessage $ "don't know how to debootstrap " ++ show system Just s -> pure s - let params = extraparams ++ + let params = toParams config ++ [ Param $ "--arch=" ++ arch , Param suite , Param target -- cgit v1.3-2-g0d8e From f6afeb889f4b11418daac7825c1adb1df4ff145c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 21 Nov 2014 16:01:51 -0400 Subject: lock down chroot perm --- src/Propellor/Property/Debootstrap.hs | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/Propellor/Property/Debootstrap.hs') diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs index 747662c5..0611e735 100644 --- a/src/Propellor/Property/Debootstrap.hs +++ b/src/Propellor/Property/Debootstrap.hs @@ -16,6 +16,7 @@ import Data.List import Data.Char import Control.Exception import System.Posix.Directory +import System.Posix.Files type Url = String @@ -63,6 +64,11 @@ built target system@(System _ arch) config = setupprop = property ("debootstrapped " ++ target) $ liftIO $ do createDirectoryIfMissing True target + -- Don't allow non-root users to see inside the chroot, + -- since doing so can allow them to do various attacks + -- including hard link farming suid programs for later + -- exploitation. + modifyFileMode target (removeModes [otherReadMode, otherExecuteMode, otherWriteMode]) suite <- case extractSuite system of Nothing -> errorMessage $ "don't know how to debootstrap " ++ show system Just s -> pure s -- cgit v1.3-2-g0d8e
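Review bot: The `modifyFileMode` call added in the `@@ -63,6 +64,11 @@` hunk clears only the "other" bits, so the group bits on `target` stay as they were. The comment promises that non-root users cannot see inside the chroot, which holds only if the directory's group is root. If `removeModes` accepts combined masks, as its `[FileMode]` argument suggests, `modifyFileMode target (removeModes [groupModes, otherModes])` would match the comment. The call also sits inside `setupprop`, which the first patch shows is gated by `check (unpopulated target <||> ispartial)`, so a chroot already built before this change keeps its old mode. Nothing re-checks the mode after debootstrap has run either, so a second `modifyFileMode` after the debootstrap call, or a separate property that always enforces the mode, would cover both cases. `setupprop` continues outside the hunk.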