DNS lookups inside a chroot (was: security projects thoughts)
Joshua Root
jmr at macports.org
Sun Apr 17 01:33:25 PDT 2011
On 2011-4-17 04:56 , Jordan K. Hubbard wrote:
>
> Hurmph. Again, if you care that much about your private data and don't trust the MacPorts build process, create a chroot environment for building software and don't build it as root (who can easily escape a chroot) in there! I have done this myself many times and it's not particularly difficult.

Maybe you can help me out then. :-) I can't get (lib)curl or ping to
work inside a chroot (as created by MPAB) because their DNS lookups fail:

[MPAB_CHROOT /] $ ping www.macports.org
ping: cannot resolve www.macports.org: Unknown host
[MPAB_CHROOT /] $ curl -I www.macports.org
curl: (6) Could not resolve host: www.macports.org; nodename nor
servname provided, or not known

host(1) OTOH works fine (but IIRC it uses a different mechanism):

[MPAB_CHROOT /] $ host www.macports.org
www.macports.org is an alias for kappa4.macosforge.org.
kappa4.macosforge.org has address 17.254.20.236

I suspect there might be some files missing from the list that's copied
into the chroot [1], but I have no idea what they might be. If you don't
know off the top of your head, who would be best to ask?

- Josh

[1] <https://trac.macports.org/browser/contrib/mpab/mpab-functions#L117>