Debian Patches
Status for switchsh/0~20070801-5
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| use_execvp.patch | Use execvp so the executable is searched for in PATH =================================================================== |
no | ||||
| gnu_source.patch | define _GNU_SOURCE to use CLONE_NEWNS flag The current source assumes this is available; it is really a GNU extension | Jonathan Wiltshire <jmw@tiger-computing.co.uk> | no | debian | 2013-06-05 | |
| remount_rootfs_rslave.patch | When / is mounted as shared, unshare(CLONE_NEWNS) doesn't prevent the bind mount to be system wide. Worse: it isn't unmounted at exit. Thus this patch wich remount / with --make-rslave. See #739593 for more details. =================================================================== |
Gilles Filippini <pini@debian.org> | no | debian | ||
| 0004-Don-t-fork-just-exec-directly.patch | Don't fork, just exec directly The child process sees the same environment anyway. Before: $ sudo strace -fbexecve sF/usr/bin/switchsh echo execve("sF/usr/bin/switchsh", ["sF/usr/bin/switchsh", "echo"], 0x7fffbe6b6840 /* 15 vars */) = 0 brk(NULL) = 0x565446ebd000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb477bb6000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=94082, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 94082, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb477b9f000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20t\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...}, AT_EMPTY_PATH) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb4779be000 mmap(0x7fb4779e4000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7fb4779e4000 mmap(0x7fb477b39000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7fb477b39000 mmap(0x7fb477b8c000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7fb477b8c000 mmap(0x7fb477b92000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb477b92000 close(3) = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4779bb000 arch_prctl(ARCH_SET_FS, 0x7fb4779bb740) = 0 set_tid_address(0x7fb4779bba10) = 2093734 set_robust_list(0x7fb4779bba20, 24) = 0 rseq(0x7fb4779bc060, 0x20, 0, 0x53053053) = 0 mprotect(0x7fb477b8c000, 16384, PROT_READ) = 0 mprotect(0x56544676d000, 4096, PROT_READ) = 0 mprotect(0x7fb477be8000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7fb477b9f000, 94082) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb4779bba10) = 2093735 wait4(2093735, strace: Process 2093735 attached <unfinished ...> [pid 2093735] set_robust_list(0x7fb4779bba20, 24) = 0 [pid 2093735] unshare(CLONE_NEWNS) = 0 [pid 2093735] mount("", "/", NULL, MS_REC|MS_SLAVE, NULL) = 0 [pid 2093735] mount("/bin/bash", "/bin/sh", NULL, MS_BIND, NULL) = 0 [pid 2093735] getgid() = 0 [pid 2093735] setgid(0) = 0 [pid 2093735] getuid() = 0 [pid 2093735] setuid(0) = 0 [pid 2093735] execve("/usr/local/sbin/echo", ["echo"], 0x7fff82ff6b50 /* 15 vars */) = -1 ENOENT (No such file or directory) [pid 2093735] execve("/usr/local/bin/echo", ["echo"], 0x7fff82ff6b50 /* 15 vars */) = -1 ENOENT (No such file or directory) [pid 2093735] execve("/sbin/echo", ["echo"], 0x7fff82ff6b50 /* 15 vars */) = -1 ENOENT (No such file or directory) [pid 2093735] execve("/bin/echo", ["echo"], 0x7fff82ff6b50 /* 15 vars */strace: Process 2093735 detached <detached ...> <... wait4 resumed>[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 2093735 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2093735, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- exit_group(0) = ? +++ exited with 0 +++ After: $ sudo strace -fbexecve sU/usr/bin/switchsh echo execve("sU/usr/bin/switchsh", ["sU/usr/bin/switchsh", "echo"], 0x7fff8c887a70 /* 15 vars */) = 0 brk(NULL) = 0x561c96fc2000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd95c3e5000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=94082, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 94082, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd95c3ce000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20t\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...}, AT_EMPTY_PATH) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd95c1ed000 mmap(0x7fd95c213000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7fd95c213000 mmap(0x7fd95c368000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7fd95c368000 mmap(0x7fd95c3bb000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7fd95c3bb000 mmap(0x7fd95c3c1000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd95c3c1000 close(3) = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd95c1ea000 arch_prctl(ARCH_SET_FS, 0x7fd95c1ea740) = 0 set_tid_address(0x7fd95c1eaa10) = 2094439 set_robust_list(0x7fd95c1eaa20, 24) = 0 rseq(0x7fd95c1eb060, 0x20, 0, 0x53053053) = 0 mprotect(0x7fd95c3bb000, 16384, PROT_READ) = 0 mprotect(0x561c95d25000, 4096, PROT_READ) = 0 mprotect(0x7fd95c417000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7fd95c3ce000, 94082) = 0 unshare(CLONE_NEWNS) = 0 mount("", "/", NULL, MS_REC|MS_SLAVE, NULL) = 0 mount("/bin/bash", "/bin/sh", NULL, MS_BIND, NULL) = 0 getgid() = 0 setgid(0) = 0 getuid() = 0 setuid(0) = 0 execve("/usr/local/sbin/echo", ["echo"], 0x7fff35c899e0 /* 15 vars */) = -1 ENOENT (No such file or directory) execve("/usr/local/bin/echo", ["echo"], 0x7fff35c899e0 /* 15 vars */) = -1 ENOENT (No such file or directory) execve("/sbin/echo", ["echo"], 0x7fff35c899e0 /* 15 vars */) = -1 ENOENT (No such file or directory) execve("/bin/echo", ["echo"], 0x7fff35c899e0 /* 15 vars */strace: Process 2094439 detached <detached ...> |
=?utf-8?b?0L3QsNCx?= <nabijaczleweli@nabijaczleweli.xyz> | no | 2024-11-01 | ||
| 0005-Try-to-bind-mount-over-bin-sh-instead-of-over-realpa.patch | Try to bind-mount over /bin/sh instead of over $(realpath /bin/sh) first Also, use the new canonical name for bash. |
=?utf-8?b?0L3QsNCx?= <nabijaczleweli@nabijaczleweli.xyz> | no | debian | 2024-10-17 |
All known versions for source package 'switchsh'
- 0~20070801-5 (sid, trixie, forky)
- 0~20070801-4 (bookworm)