[Haifux] Announcing a new project - fakeroot-ng

gabik gabik at cs.technion.ac.il
Sun Dec 30 20:21:00 MSK 2007 

Hi Shahar

One question.
Why one would need such a "fool the process into thinking it is running as
root"?
I could think only about some testing scenarios and think there are better
ways to test than to implement all this functionality.

Thank you,

Gabi



-----Original Message-----
From: haifux-bounces at haifux.org [mailto:haifux-bounces at haifux.org] On Behalf
Of Shachar Shemesh
Sent: Sunday, December 30, 2007 6:28 PM
To: linux-il; Haifa Linux Club
Subject: [Haifux] Announcing a new project - fakeroot-ng

Hi all,


I would like to intrude upon your time to announce an EXTREMELY preliminary
project called "fakeroot-ng". Project web site is at
http://sourceforge.net/projects/fakerootng. At this point there is no formal
release, but you can get the code from SVN and it compiles fine on Linux
i386 (yes, it requires per-platform support). I'm hoping to release an
actual release by the end of this week.


The project is a clean reimplementation of fakeroot[1]. For those who don't
know it, fakeroot uses LD_PRELOAD in order to wrap some system calls and
fool the process into thinking it is running as root. Fakeroot further keeps
tabs on the operations it is impossible for the process to perform, but was
told it succeeded anyways, and will emulate the results when applicable. So,
for example, if you use fakeroot to create a character device (which only
root can), and then run "ls -l", you will see your character device. In
actuality, it's a standard file, but fakeroot fools the process to think
it's a character device.


Fakeroot has one major limitation, though. It does not, and cannot, support
a chroot jail. Fakeroot's authors refuse to wrap the "open" 
system call, due to implicit recursion that it results in, which turn into a
infinite loop. A different implementation, called "fakechroot", exists that
does wrap "open" and does support chroot. According to the fakeroot authors,
this implementation is highly dependent on the precise implementation inside
glibc. Either way, the technology still dictates several limitations, as
listed on the fakechroot web site [2].


Fakeroot-ng, which stands for fakeroot next generation, uses a whole
different technology to wrap the system calls. Instead of using LD_PRELOAD,
it uses ptrace to debug the process being fooled. As a result, it has no
problem with statically linked binaries, binaries written in Java, or
binaries linked with a different version of glibc. 
In fact, it is written in C++ without affecting the process' dynamic linking
structure.


Of course, with the good cometh the bad. In particular, ptrace is highly
platform dependent in every way imaginable. Also, since we are manipulating
the process data structures from without, we do not have any memory to call
our own with which to work. This is particularly painful where supporting
one syscall requires actually performing two or more.


For example, we want to intercept the "fchmod" function, so we can update
our internal data about SUID and similar bits (which we don't want to allow
in the real file). Since the primary key to our database is the tuple
<dev,inode>, and since "fchmod" contains none, we need to carry out the
actual fchmod, but also call "fstat" in order to know what the device and
inode numbers are. We need to turn one system call into two. Unfortunately,
ptrace has no mechanism for generating a system call.


Fakeroot-ng solves this problem. Furthermore, it solves this problem in a
way that requires very little #ifdef blocks (anyone who tried to read the
strace source code has got to appreciate this fact).


How? Invite me to lecture at one of the Linux clubs and I'll tell you. 
Better yet, download the source code and look for yourself. Even better,
send me patches to add support for more platforms.


Here is a demo of fakeroot-ng in action:

dir$ ls -la
> total 8
> drwxr-xr-x 2 sun sun 4096 2007-12-30 17:48 .
> drwxr-xr-x 7 sun sun 4096 2007-12-30 17:48 ..
> dir$ touch file
> dir$ ls -la
> total 8
> drwxr-xr-x 2 sun sun 4096 2007-12-30 17:48 .
> drwxr-xr-x 7 sun sun 4096 2007-12-30 17:48 ..
> -rw-r--r-- 1 sun sun    0 2007-12-30 17:48 file
> dir$ ../fakeroot-ng sh
> sh-3.1# ls -la
> total 8
> drwxr-xr-x 2 sun sun 4096 2007-12-30 17:48 .
> drwxr-xr-x 7 sun sun 4096 2007-12-30 17:48 ..
> -rw-r--r-- 1 sun sun    0 2007-12-30 17:48 file
> sh-3.1# whoami
> root
> sh-3.1# id
> uid=0(root) gid=1000(sun) 
>
groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),107(
netdev),110(powerdev),1000(sun),1001(vboxusers)
> sh-3.1# chmod 4775 file
> sh-3.1# ls -la
> total 8
> drwxr-xr-x 2 sun sun 4096 2007-12-30 17:48 .
> drwxr-xr-x 7 sun sun 4096 2007-12-30 17:48 ..
> -rwsrwxr-x 1 sun sun    0 2007-12-30 17:48 file
> sh-3.1# exit
> exit
> dir$ ls -la
> total 8
> drwxr-xr-x 2 sun sun 4096 2007-12-30 17:48 .
> drwxr-xr-x 7 sun sun 4096 2007-12-30 17:48 ..
> -rwxrwxr-x 1 sun sun    0 2007-12-30 17:48 file

Notice how "file" has the SUID bit set when inside the fakeroot environment,
but not when you exit it.

comments and suggestions welcome on the fakeroot-ng mailing list [3]


Share and enjoy
Shachar


[1] http://fakeroot.alioth.debian.org/

[2] http://fakechroot.alioth.debian.org/

[3] http://sourceforge.net/mailarchive/forum.php?forum_name=fakerootng-devel

_______________________________________________
Haifux mailing list
Haifux at haifux.org
http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux

More information about the Haifux mailing list