#898486 fakeroot: Remove fakeroot and fakechroot in favour of fakeroot-ng or CLONE_NEWUSER

Package:
fakeroot
Source:
fakeroot
Description:
tool for simulating superuser privileges
Submitter:
Askar Safin
Date:
2024-01-02 04:00:04 UTC
Severity:
important
Tags:
#898486#5
Date:
2018-05-12 13:55:10 UTC
From:
To:
fakeroot and fakechroot are very unreliable. Just look at other bug reports.

Even simple "env -i" (such commands are likely in building utils) unexpectedly
turn off fakeroot.
Other thing incompatible with fakeroot is static linking. Calls to "ldconfig"
are usual in building tools.

Other utils have to introduce kludges to deal with fakeroot unreliability. For
example, debootstrap
includes its own ldconfig replacement for fakeroot mode.

Okey, what to do? I propose to replace fakeroot with fakeroot-ng or user
namespaces (CLONE_NEWUSER).

fakeroot-ng is based on ptrace, as opposed to fakeroot. So, it is more
reliable. But I'm not sure
whether its perfect. For example, I don't know whether fakeroot-ng is
compatible with SETUID binaries.

CLONE_NEWUSER (user namespaces) and tools based on it (recent systemd-nspawn,
lxc, etc) are better.
I think user namespaces are more reliable and faster than fakeroot-ng. But user
namespaces seem to be less secure.

So, please remove fakeroot and fakechroot. Remove package "pseudo", too,
because it uses LD_PRELOAD (like
fakeroot), and thus it shares same problems. If you decide user namespaces are
better than fakeroot-ng,
then remove fakeroot-ng, too.

Okey, so, please remove fakeroot, fakechroot, pseudo (and possibly fakeroot-ng)
from Debian archive. Change
all packages which use them to use fakeroot-ng or user namespaces. Stop using
this obsolete packages in
your infrastructure, i. e. don't build packages using fakeroot. Remove all
kludges you introduced to
work with fakeroot, such as special debootstrap variant.

What about non-Linux kernels supported by Debian, i. e. Hurd and kFreeBSD?

I think Hurd has some feature similar to user namespaces (subhurd or something
like that). Moreover, they
are theoretically more secure than Linux user namespaces due to microkernel
architecture. And moreover,
ability to simulate root without such hacky tools always was selling point of
Hurd.

kFreeBSD? Well, nobody wants it anyway. :)

User namespaces are supported by default in Stretch's Linux kernel.

#898486#10
Date:
2021-02-10 07:35:57 UTC
From:
To:
As the maintainer and author of fakeroot-ng, I have to say I this bug
would have made much more sense to me had it been sent 41 days earlier.

If you think namespaces provide a better solution to the problem
fakeroot addresses, I believe a better solution is for you to write
"fakeroot-ns" and introduce it to Debian. It is the open source way of
solving such difference of opinion. It would sure make me happy to see
another alternative implementation. Judging from Clint Adam's reaction
to fakeroot-ng, I'm guessing his reaction will be no different.

Alternatively, you can also run "update-alternatives --config fakeroot"
and default it to running fakeroot-ng. This you can do with no change to
Debian at all.

This isn't a bug on my package, so it's not my judgement call to make,
but I'd vote to close with no action taken.