From 9fea618481256122c1bd2a62ec382623b7528865 Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Fri, 10 May 2024 18:21:21 +0200
Subject: Revert "examples/chroottar.py: harden against tars with high uids"
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47.
We really deal with two user namespaces. The initial/parent process maps the target id range plus the current user id. The child process that executes the workload only maps the target id range without the current user id. The child opens the tar file while it still is in the initial namespace, then unshares and once it only has the subid range mapped, it performs the extraction. No clamping is necessary at this point. The parent process maps additionally maps the current id in order to write the tar file.
---
 examples/chroottar.py | 8 --------
 1 file changed, 8 deletions(-)
(limited to 'examples')
diff --git a/examples/chroottar.py b/examples/chroottar.py
index 30017e5..3c38a97 100755
--- a/examples/chroottar.py
+++ b/examples/chroottar.py
@@ -76,14 +76,6 @@ def main() -> None:
 for tmem in tarf:
 if tmem.name.removeprefix("./").startswith("dev/"):
 continue
- # Our namespace has privileged uids allocated high. Hence
- # clamp unpacking.
- if tmem.uid >= 65536 or tmem.gid >= 65536:
- tmem.mode &= ~0o7000
- if tmem.uid >= 65536:
- tmem.uid = 0
- if tmem.gid >= 65536:
- tmem.gid = 0
 tarf.extract(tmem, numeric_owner=True)
 linuxnamespaces.bind_mount(".", "/mnt", recursive=True)
 os.chdir("/mnt")
-- cgit v1.2.3