travis-ci / apt-package-safelist

Safelist of apt packages approved for build environments with restricted sudo
MIT License

APT whitelist request for linkchecker #1187

Open lpenz opened 9 years ago

travisbot commented 9 years ago

_This is an automated comment._

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/tree/test-apt-package-whitelist-1187 and its PR.

Packages found: linkchecker linkchecker-web linkchecker-gui

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/80620578 for details.

wkoszek commented 9 years ago

@MariadeAnton I looked at this report https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/80620578 and it seems like linkchecker, if run as root, tries to lower its privileges. This is a good security thing, and it doesn't pose problems for Travis.

Could we whitelist linkchecker for Travis, please?

lstagner commented 8 years ago

I would also like to have LinkChecker be whitelisted. I use LinkChecker to verify that I didn't introduce any dead links into my documentation website.

wkoszek commented 8 years ago

@BanzaiMan Any chance to get this one unblocked? My hack to install LinkChecker via pip stopped working several days ago due to a too-old requests Python library, and I have had no luck doing pip install --upgrade pip on the container infrastructure.

I think linkchecker is safe, it just tries to drop the privileges if it sees you're running as root:

```
./linkchecker-9.3/linkcheck/__init__.py-        return
./linkchecker-9.3/linkcheck/__init__.py-    if os.geteuid() == 0:
./linkchecker-9.3/linkcheck/__init__.py-        log.warn(LOG_CHECK, _("Running as root user; "
./linkchecker-9.3/linkcheck/__init__.py-                       "dropping privileges by changing user to nobody."))
./linkchecker-9.3/linkcheck/__init__.py-        import pwd
./linkchecker-9.3/linkcheck/__init__.py:        os.seteuid(pwd.getpwnam('nobody')[3])
```

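
The bot's hit came from a purely textual search; as an added example (not code from this thread, LinkChecker, or the Travis checker), here is one way to take the "further analysis" a step further by parsing the source and reporting which identity call is made and which passwd field feeds it. `triage`, `passwd_field` and the result keys are hypothetical names, and `SAMPLE` is constructed from the lines quoted above.

```python
import ast

# Identity-changing os calls and what they alter when the caller is root.
ID_CALLS = {
    "setuid": "real+effective+saved", "setgid": "real+effective+saved",
    "seteuid": "effective-only", "setegid": "effective-only",
    "setreuid": "per-arguments", "setregid": "per-arguments",
    "setresuid": "per-arguments", "setresgid": "per-arguments",
    "setgroups": "supplementary-groups",
}
# Field order of the tuple returned by pwd.getpwnam()/pwd.getpwuid().
PWD_FIELDS = ("pw_name", "pw_passwd", "pw_uid", "pw_gid",
              "pw_gecos", "pw_dir", "pw_shell")

# Constructed sample: the quoted linkchecker lines wrapped in a function.
SAMPLE = '''
import os, pwd
def drop_privileges():
    if os.geteuid() == 0:
        os.seteuid(pwd.getpwnam('nobody')[3])
'''

def passwd_field(arg):
    """Name the passwd field if arg is pwd.getpw*(...)[N], else None."""
    if not (isinstance(arg, ast.Subscript) and isinstance(arg.value, ast.Call)):
        return None
    func = arg.value.func
    if not (isinstance(func, ast.Attribute) and func.attr in ("getpwnam", "getpwuid")):
        return None
    index = arg.slice
    if type(index).__name__ == "Index":  # Python < 3.9 wraps the subscript
        index = index.value
    if isinstance(index, ast.Constant) and isinstance(index.value, int) and 0 <= index.value < 7:
        return PWD_FIELDS[index.value]
    return None

def triage(source):
    """Return one finding per os.set*id call found in Python source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        target = node.func
        if target.attr in ID_CALLS and isinstance(target.value, ast.Name) and target.value.id == "os":
            findings.append({"line": node.lineno, "call": target.attr,
                             "changes": ID_CALLS[target.attr],
                             "arg_field": passwd_field(node.args[0]) if node.args else None})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the sample this reports `seteuid` as an effective-only change whose argument is `pw_gid`: index 2 of the passwd tuple is `pw_uid`, and `seteuid` leaves the real and saved UIDs at their previous values.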
iphydf commented 8 years ago

Any news on this? I'm using sudo-enabled VMs now because of linkchecker.

travisbot commented 6 years ago

This is an automated comment.

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/compare/test-apt-package-whitelist-1187 and its PR.

Packages found: linkchecker linkchecker-gui

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/440492102 for details.