author: Helmut Grohne <helmut@subdivi.de> 2024-05-10 18:21:21 +0200
committer: Helmut Grohne <helmut@subdivi.de> 2024-05-10 18:21:21 +0200
commit: 9fea618481256122c1bd2a62ec382623b7528865
tree: 8b4ae2de2d8dd11ca93aef93e196524869e1b085
parent: c45a83883625ea5226bace08e72f45782e31c29f
Revert "examples/chroottar.py: harden against tars with high uids"
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47.

We really deal with two user namespaces. The initial/parent process maps the target id range plus the current user id. The child process that executes the workload only maps the target id range without the current user id. The child opens the tar file while it still is in the initial namespace, then unshares and once it only has the subid range mapped, it performs the extraction. No clamping is necessary at this point. The parent process additionally maps the current id in order to write the tar file.
-rwxr-xr-x examples/chroottar.py 8
1 files changed, 0 insertions, 8 deletions
diff --git a/examples/chroottar.py b/examples/chroottar.py
index 30017e5..3c38a97 100755
--- a/examples/chroottar.py
+++ b/examples/chroottar.py
@@ -76,14 +76,6 @@ def main() -> None:
for tmem in tarf:
if tmem.name.removeprefix("./").startswith("dev/"):
continue
- # Our namespace has privileged uids allocated high. Hence
- # clamp unpacking.
- if tmem.uid >= 65536 or tmem.gid >= 65536:
- tmem.mode &= ~0o7000
- if tmem.uid >= 65536:
- tmem.uid = 0
- if tmem.gid >= 65536:
- tmem.gid = 0
tarf.extract(tmem, numeric_owner=True)
linuxnamespaces.bind_mount(".", "/mnt", recursive=True)
os.chdir("/mnt")
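Review bot: With the clamp gone, the `tarf.extract(tmem, numeric_owner=True)` call applies whatever uid, gid and mode bits (setuid/setgid included) the archive carries, and nothing in this hunk shows that the process has already dropped to the reduced id map at that point. A short comment above the extract call stating that invariant (extraction runs after the unshare, with only the target id range mapped) would keep a later reader from reintroducing the check or moving the loop ahead of the unshare. It would also help to say what should happen to a member whose uid or gid falls outside the mapped range, since the removed lines were the only visible handling of that case.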