From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: process substitution to create a virtual file doesn't work in chroot environment
Date: Mon, 28 Aug 2023 10:50:49 +0200
Message-ID: <ZOxf6QOIRAciCVE6@calimero.vinschen.de>
In-Reply-To: <CAEF1h+XMtnd0_28cLNnEB2Q+XAxXE3VMZtXh9LLQzeP7n-fAJw@mail.gmail.com>
On Aug 27 18:13, Cary Lewis via Cygwin wrote:
> In a cygwin process that is started either from mintty or bash directly the
> following:
>
> $ user=234
>
> $ ./cat <(echo $user)
> 234
> works as expected.
>
> But after a chroot:

From https://cygwin.com/cygwin-ug-net/highlights.html:

  chroot is supported. Kind of. Chroot is not a concept known by
  Windows. This implies some serious restrictions. First of all, the
  chroot call isn't a privileged call. Any user may call it. Second, the
  chroot environment isn't safe against native windows processes. Given
  that, chroot in Cygwin is only a hack which pretends security where
  there is none. For that reason the usage of chroot is discouraged.
  Don't use it unless you really, really know what you're doing.

> $ chroot . ./bash
> user=234
> $ ./cat <(echo $user)
> ./cat: /dev/fd/63: No such file or directory
>
> In the directory I am chrooting in, I created a tmp folder, as well as
> proc, proc/self, and proc/self/fd, and a dev directory.
>
> Can someone explain why process substitution to create a virtual file
> doesn't work in a chroot environment?

/dev/fd is a symlink pointing into nirvana after using chroot.
/dev/fd symlinks to /proc/self/fd, but in the chroot'ed environment
there's no /proc anymore.

I would like to underline what is written in the above Cygwin
documentation snippet:

The chroot implementation is old, bad, and deprecated. I was going
to rip it out entirely for I don't know how often already, but there
was always somebody asking to keep it. Given that it never did what
chroot is intended, don't use it.
Corinna
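
The lookup described in the message above, as an added example that is not part of the original message or of Cygwin's code: a shell function (hypothetically named resolve_in_root) that follows a path the way a chrooted process would, restarting every absolute symlink target at the new root. The demo tree is constructed, and its ordinary dev/fd symlink is an assumption standing in for Cygwin's /dev/fd.

```shell
#!/bin/sh
# resolve_in_root ROOT PATH  (hypothetical helper, added for illustration)
# Walk PATH as a process chrooted to ROOT would: an absolute symlink target
# restarts at ROOT, not at the host's /. Prints the host-side path and
# returns 0 if every component exists, 1 if the lookup dead-ends.
resolve_in_root() {
    root=${1%/} todo=${2#/} cur= hops=0
    while [ -n "$todo" ]; do
        comp=${todo%%/*}
        case $todo in */*) todo=${todo#*/} ;; *) todo= ;; esac
        case $comp in
            ''|.) continue ;;
            ..)   cur=${cur%/*}; continue ;;   # ".." is clamped at the new root
        esac
        if [ -L "$root$cur/$comp" ]; then
            hops=$((hops + 1))
            [ "$hops" -le 40 ] || { echo "too many symlinks" >&2; return 1; }
            target=$(readlink "$root$cur/$comp")
            case $target in
                /*) cur= ;;                    # absolute target: back to the new root
            esac
            todo=${target#/}${todo:+/$todo}
        elif [ -e "$root$cur/$comp" ]; then
            cur=$cur/$comp
        else
            echo "missing inside root: $cur/$comp" >&2
            return 1
        fi
    done
    printf '%s\n' "$root${cur:-/}"
}

# Constructed demo tree: empty proc/self/fd directories as in the question,
# plus a plain symlink dev/fd -> /proc/self/fd (assumption, see lead-in).
demo=$(mktemp -d)
mkdir -p "$demo/dev" "$demo/proc/self/fd"
ln -s /proc/self/fd "$demo/dev/fd"
resolve_in_root "$demo" /dev/fd/63 || echo "lookup dead-ends inside the new root"
rm -rf "$demo"
```

Hand-made proc/self/fd directories do not help: they are ordinary empty directories, so the descriptor entry the shell hands to the command is still absent inside the new root.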