Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace su-exec with gosu #1246

Merged
merged 1 commit into from
Jun 18, 2024
Merged

Conversation

tianon
Copy link
Member

@tianon tianon commented Jun 3, 2024

There's a major issue with su-exec whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program).

This also decreases our Debian vs Alpine variance.

Due to user scripts/downstream code potentially using su-exec, I have included a compatibility symlink to su-exec for all versions less than the 17 pre-release.

There's a major issue with `su-exec` whose fix has gone unreleased for 5 years (typos leading to running code as root, the opposite of the purpose of the program).

This also decreases our Debian vs Alpine variance.

Due to user scripts/downstream code potentially using `su-exec`, I have included a compatibility symlink to `su-exec` for all versions less than the 17 pre-release.
@tianon
Copy link
Member Author

tianon commented Jun 3, 2024

To be explicitly clear: I am open to exploring other alternatives as well, but su-exec really should be removed here, and any alternative solution needs to also consider the downstream effects (and how we keep compatibility + minimize the code/variance we have to maintain).

@tianon
Copy link
Member Author

tianon commented Jun 3, 2024

See tianon/gosu#143 for one such alternative.

@tianon tianon requested a review from yosifkit June 17, 2024 23:38
@yosifkit
Copy link
Member

I agree with your hesitation to recommend your setpriv wrapper in tianon/gosu#143 (comment) since it is new and fragile, so I think gosu is the best cli-compatible alternative.


For future users wondering why the Alpine based image suddenly "has tons of CVEs": gosu has documented that naive vulnerability analysis tools will detect many CVE's; as of June 2024, none are applicable since gosu does not ever invoke any of the CVE-vulnerable functions (see gosu's security.md).

tianon/gosu#136 (comment) may also be of interest.

@tianon tianon merged commit cefde5f into docker-library:master Jun 18, 2024
38 checks passed
@tianon tianon deleted the su-noexec branch June 18, 2024 21:47
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Jun 18, 2024
Changes:

- docker-library/postgres@cefde5f: Merge pull request docker-library/postgres#1246 from infosiftr/su-noexec
- docker-library/postgres@3e9b4ea: Replace `su-exec` with `gosu`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants