Patchwatcher security improvements

Ambroz Bizjak ambro at b4ever.net
Mon Sep 8 16:01:45 CDT 2008


Hi,

I've abandoned my chroot approach to improving security in patchwatcher.
Instead I've implemented the ability to run untrusted code as a user
different than the one running patchwatcher. This is because creating a
chroot where Wine could be compiled and tested proved to be too difficult
and platform-dependent.

I've also added external time limits for running untrusted code. This as a
whole should help prevent individual patches from stalling the patch
watching process.

It's very easy to set up. All you need is a low-privileged user (but enough
to run the tests, e.g. audio, video groups) and an empty folder where you
can write but this user can only read (not your home folder, it shouldn't
have access there anyway).

To use it, start with a clean patchwatcher and adjust the variables in the
patchwatcher.sh, then run "patchwatcher.sh initialize". It will instruct
you to run some commands as root (setuid the wrapper). Run initialize
again and it should build wine and run baseline tests. Then you can test
it by putting a patch in patches/ and issuing the try_one_patch command.
To start watching use the continuous_build command.

Patch is attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patchwatcher-crossuser10.patch.bz2
Type: application/x-bzip
Size: 7879 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20080908/d5aea781/attachment.bin 
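
The two controls described in the message above, the work folder the test user can read but not modify and the external time limit, sketched as an added example that is not taken from the attached patch. It assumes `stat -c` and `timeout` (GNU coreutils or compatible), that the low-privileged user reaches the folder through the "other" permission bits, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from patchwatcher. Function names are hypothetical.
# Assumes stat -c and timeout (GNU coreutils or compatible) are available.

# check_workdir DIR: succeed only if DIR is owned by the caller, is not
# writable by group or others, and is readable and searchable by others
# (assumption: the low-privileged test user gets access via the "other" bits).
check_workdir() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    owner=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")          # octal digits, e.g. 755
    [ "$owner" = "$(id -u)" ] || { echo "$dir: not owned by caller" >&2; return 1; }
    other=$((mode % 10))
    group=$((mode / 10 % 10))
    [ $((group & 2)) -eq 0 ] || { echo "$dir: group-writable" >&2; return 1; }
    [ $((other & 2)) -eq 0 ] || { echo "$dir: world-writable" >&2; return 1; }
    [ $((other & 5)) -eq 5 ] || { echo "$dir: test user cannot read it" >&2; return 1; }
    return 0
}

# run_limited SECONDS CMD...: run CMD under an external time limit so one
# stuck build or test cannot stall the watcher. TERM is sent at the limit and
# KILL two seconds later if the command ignores TERM.
# Returns CMD's own status, or 124 when the limit was hit. Status 137 means
# KILL was needed (or the command was killed some other way); it is reported
# as 124 too, since either way the run did not finish on its own.
run_limited() {
    limit=$1
    shift
    status=0
    timeout -k 2 "$limit" "$@" || status=$?
    case $status in
        124|137)
            echo "time limit of ${limit}s exceeded: $*" >&2
            return 124
            ;;
    esac
    return $status
}
```

The time limit only bounds how long a run may take; the separation between users still comes from running the command under the low-privileged account, which this sketch does not do.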

