Re: misc/58196: [RB] Install ISO images leak local user/group information

To: misc-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jbglaw%lug-owl.de@localhost
Subject: Re: misc/58196: [RB] Install ISO images leak local user/group information
From: Jan-Benedict Glaw <jbglaw%lug-owl.de@localhost>
Date: Fri, 3 May 2024 19:05:01 +0000 (UTC)

The following reply was made to PR misc/58196; it has been noted by GNATS.

From: Jan-Benedict Glaw <jbglaw%lug-owl.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: misc-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
	netbsd-bugs%netbsd.org@localhost
Subject: Re: misc/58196: [RB] Install ISO images leak local user/group
 information
Date: Fri, 3 May 2024 21:03:30 +0200

 --ni93GHxFvA+th69W
 Content-Type: text/plain; charset=utf-8
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Fri, 2024-05-03 16:20:02 +0000, Christos Zoulas <christos%zoulas.com@localhost> wr=
 ote:
 >  I think that the simplest way to fix this is to always pass -N
 >  ${DESTDIR}/etc to the makefs invocation so that it uses the
 >  appropriate group and master.passwd files.
 
 The install ISOs seem to be generated from
 [src]/distrib/common/Makefile.image ;  its `makefs` call already has
 "-N ${NETBSDSRCDIR}/etc".
 
 For example:
 
 root@lili:/var/cache/laminar# ./compare_tarballs.sh {,n}netbsd-arc-mipsel-r=
 el.tar.gz=20
 --- /tmp/tmp.LOzRMiQmXe 2024-05-03 20:53:41.848137167 +0200
 +++ /tmp/tmp.jgng3HwfMC 2024-05-03 20:53:43.719990220 +0200
 @@ -23,4 +23,4 @@
  86ddeb6da8b49b6745ef58d991f737be  ./release-arc-mipsel/arc/INSTALL.more
  c510fdb48ce5a5fbc521e5870d41ede0  ./release-arc-mipsel/arc/INSTALL.ps
  b30b0c47e2b8dda815c3916e4dedd3ef  ./release-arc-mipsel/arc/INSTALL.txt
 -90a3d5e451d1f480c97d642b87505283  ./release-arc-mipsel/images/NetBSD-10.99=
 =2E10-arc.iso
 +7ae7f6c75e9e0e3ebcfa3f285b972369  ./release-arc-mipsel/images/NetBSD-10.99=
 =2E10-arc.iso
 
 (...comparing an arc/mipsel build, Linux left, NetBSD right.)
 
 Differences in the ISO image are like this:
 
 -0000a130: 0000 0003 e603 0000 0000 03e6 e603 0000  ................
 +0000a130: 0000 0003 0000 0000 0000 0000 e603 0000  ................
 
 (several others as well)
 
 0x03e6 =3D 998, which is the UID/GIT the Linux (Docker) based builds are
 running as. From looking at the code, I think that it's just keeping
 numeric owner information from a stat/lstat call IFF there isn't an
 override in the manifest. I don't think it's resolving names, esp. not
 for UID numbers like 998 which are just from the building user, with
 IMHO no additional code mapping any non-zero UID to zero (or any
 specific other value.) I can give a different -N a try, but I doubt
 it'll fix the issue.
 
 MfG, JBG
 
 --=20
 
 --ni93GHxFvA+th69W
 Content-Type: application/pgp-signature; name="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQlDTvPcScNjKREqWEdvV51g5nhuwUCZjU0/wAKCRAdvV51g5nh
 u3nXAJwOhUS4VlhaPLkt6t9Gm/13H53fwgCcC/etn6SlleANmgxzc6ytr0afoiE=
 =UZSW
 -----END PGP SIGNATURE-----
 
 --ni93GHxFvA+th69W--

Prev by Date: Re: misc/58196: [RB] Install ISO images leak local user/group information
Next by Date: Re: bin/51313 (named caching server timeouts)
Previous by Thread: Re: misc/58196: [RB] Install ISO images leak local user/group information
Next by Thread: toolchain/58197: [RB] Generated CTF data depends on the building host
Indexes:

Home | Main Index | Thread Index | Old Index