Closed tianon closed 3 weeks ago
To be explicitly clear: I am open to exploring other alternatives as well, but su-exec really should be removed here, and any alternative solution needs to also consider the downstream effects (and how we keep compatibility + minimize the code/variance we have to maintain).
See https://github.com/tianon/gosu/pull/143 for one such alternative.
I agree with your hesitation to recommend your setpriv wrapper in https://github.com/tianon/gosu/pull/143#issuecomment-2174630612 since it is new and fragile, so I think gosu is the best cli-compatible alternative.
For future users wondering why the Alpine based image suddenly "has tons of CVEs": gosu has documented that naive vulnerability analysis tools will detect many CVEs; as of June 2024, none are applicable since gosu does not ever invoke any of the CVE-vulnerable functions (see gosu's security.md).
https://github.com/tianon/gosu/issues/136#issuecomment-2150375314 may also be of interest.
There's a major issue with su-exec whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program). This also decreases our Debian vs Alpine variance.
Due to user scripts/downstream code potentially using su-exec, I have included a compatibility symlink to su-exec for all versions less than the 17 pre-release.