20 Commits

Author SHA1 Message Date
Natanael Copa fcdfd871af abuild-sudo: handle errors from setuid/setgid
ref https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10102
2023-10-17 16:33:15 +00:00
Timo Teräs 8d6fb8b45f abuild-sudo: fix determining number of groups
Musl _SC_NGROUPS_MAX is fixed at 32. The kernel can support more.
Query the kernel for number of groups needed.
2023-06-07 12:42:00 +03:00
Samanta Navarro f2ab775123 abuild: avoid calculations with void pointers
Arithmetic operations with void pointers are an extension by some
compilers and not part of the C standard, which does not specify the
size of void.

CFLAGS with -pedantic reveals this during compile time. I have adjusted
the usage of ?: so CFLAGS can contain -pedantic now.
2021-10-11 18:34:27 +00:00
Natanael Copa 7d75f85847 abuild-sudo: don't require root to be member of abuild group
fixes #9984
2020-03-23 14:18:52 +00:00
Max Rees 297de93aef abuild-sudo: don't allow --keys-dir
Not allowing --allow-untrusted is obviously a good idea, but it can be
trivially bypassed if --keys-dir is allowed:

$ abuild-apk add foo-1-r0.apk
ERROR: foo-1-r0.apk: UNTRUSTED signature
$ abuild-apk --allow-untrusted add foo-1-r0.apk
abuild-apk: --allow-untrusted: not allowed option
$ cp -rp /etc/apk/keys /tmp/keys
$ cp untrusted.pub /tmp/keys
$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
(1/1) Installing foo (1-r0)
OK: 4319 MiB in 806 packages

If both --allow-untrusted and --keys-dir are not allowed, then it should
no longer be possible for an unprivileged member of the abuild group to
add an untrusted package.

$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
abuild-apk: --keys-dir: not allowed option
2019-06-20 11:36:40 +02:00
Robert Hencke 0126fbdffb abuild-sudo: remove unused variable
This prevents clang from issuing a warning here.
2019-03-14 15:46:11 +01:00
Kaarle Ritvanen 829a501de7 abuild-sudo: prevent forging of user name 2017-07-20 15:14:43 +03:00
Natanael Copa 6f60008bc4 abuild-sudo: fix segfault when there are no controlling term
If there is no controlling terminal, getlogin() may return NULL. We use
getpwuid() to try to figure out the username and verify that we actually
have a username before we set environment USER.
2017-07-17 17:24:07 +02:00
Kaarle Ritvanen e3a2e14ffa abuild: build in chroot
This patch is based on earlier work by Timo Teräs.
2017-06-27 14:52:50 +03:00
Kaarle Ritvanen 5a4e6f3889 abuild-sudo: enforce correct value for USER 2017-06-27 14:52:50 +03:00
Kaarle Ritvanen 440bb02fd7 abuild-sudo: allow commands with '-' in the name 2017-06-27 14:52:50 +03:00
Henrik Riomar 5268ae8076 abuild-sudo.c: setgid as well
Set our gid to root so apk commit hooks run with the same gid as when
running "sudo apk add ..." from command line.
2017-06-21 18:14:48 +00:00
Natanael Copa bd5636c916 abuild-sudo: error check getlogin() 2016-04-14 11:52:59 +00:00
Jakub Jirutka 5487632f30 abuild-sudo: make error msg "Not a member of group abuild" more clear
A few days ago some user on IRC pointed out that the current error message:

    abuild-apk: Not a member of group abuild

is confusing. He was trying to build a package using abuild -r and
didn't know what this message means.

fixes #5408
2016-04-14 11:52:36 +00:00
Natanael Copa a1baec0f6b abuild-sudo: forbid use of --allow-untrusted
It means that home built packages cannot be installed with abuild-apk
unless the key is installed system-wide.
2013-12-16 10:21:28 +00:00
Dubiousjim e1339a9b77 various: add descriptions, attribution, license 2013-07-08 14:48:56 +00:00
Dubiousjim 3417b45a1b abuild-sudo, abuild-tar: cosmetic changes 2013-07-08 14:47:39 +00:00
Natanael Copa 4423ab7b51 abuild-sudo: also look for adduser/group in /usr/sbin
Seems like it moved in recent busybox. We need to support both variants.
2013-05-29 15:07:27 +02:00
Natanael Copa 38ab58a5d6 abuild-sudo: print error message if execv fails 2013-05-29 15:01:00 +02:00
Natanael Copa 442e804291 abuild-sudo: new tool
Mini sudo that checks if user is in "abuild" group and allows it to
run apk, adduser and addgroup as root

ref #951
2012-02-17 13:28:22 +00:00