Provided by: fakeroot-ng_0.18-4build2_amd64 bug

NAME
       fakeroot-ng - run a command while making it believe it is running as root


SYNOPSIS
       fakeroot-ng [ -llogfile [-f] ] [ -ppersist_file ] [-d] command line


DESCRIPTION
       This manual page documents the fakeroot-ng command.

       Fakeroot-ng  allows running a process without any change to the permissions, but fooling the process into
       thinking that it is running with root permissions. This typically involves  intercepting  certain  system
       calls the process performs and manipulating their results. In order for the effect to be complete enough,
       previous manipulations have to be remembered, and consistent results returned.

       The idea behind fakroot-ng was first implemented by a tool called fakeroot(1). This tool used  LD_PRELOAD
       of  the  dynamic  linking  to  glibc  in order to intercept the system calls. While this approach is very
       rebust and very platform independent, it does suffer in scope. In particular, certain operations  (mostly
       the  open(2)  system  call) could not be intercepted, which caused emulating other operations (mainly the
       chroot(2) system call) to not be supported.

       Fakeroot-ng strives to fill  those  gaps  by  using  a  totally  different  technology  for  system  call
       interception. Instead of using LD_PRELOAD, ptrace(2) is being used.


PARAMETERS
       -pstate_file
              Before  the  first  process is being run, loads from state_file the information needed in order to
              maintain a consistent view of file permissions and owners across fakeroot-ng runs. This  image  is
              also automatically saved when the last process exists. If more then one instance of fakeroot-ng is
              loaded simultaneously, both with the same state_file, then the two instances will share state  and
              their processes will see the same picture at runtime.

       -llog_file
              Causes  fakeroot-ng  to dump to log_file internal state and processing information. This is mostly
              useful for cases where fakeroot-ng fails to act as expected.

       -f     Causes the log file to be flushed after every print. Guarantees that the important hint as to  why
              the  crash happened will be in the actual file, but has non-negligent performance effect. Only has
              effect if -l is specified.

       -d     Tells fakeroot-ng not to completely daemonize itself. This is mostly useful  in  case  of  crashes
              that  cause  a  core  dump,  as  the debugger would normally change directory to root, which would
              prevent a core file from being created.

       -v     Print out the version number and copyright info and exit without doing anything.

       -h     Print out a short help screen and exit.


SIGNALS
       Sending the ALRM signal to the fakeroot-ng master process makes it dump to the log a complete list of all
       tracked  processes,  along with their parent and current state. This is, mostly, a debugging feature. The
       signal does nothing if -l is not active. Please note that no process executes any system calls while this
       takes place, so this feature essentially freezes all of the debugged processes for a few seconds.


ENVIRONMENT VARIABLES AND SHARED MEMORY
       Some  of  the  communication  between  fakeroot-ng  and the program being fooled is done through a shared
       memory mechanism. In order to create it, fakeroot-ng creates a temporary file and maps it into memory  as
       executable  segment.  Some  systems have their /tmp folder mounted with the noexec flag. On those system,
       the mmap will fail and fakeroot-ng will not run.

       There are two environment variables that allow fakeroot-ng to find a folder in which  the  shared  memory
       files  can be created. The first is TMPDIR. If it exists, fakeroot-ng will use it to create the temporary
       files, rather than /tmp. The problem with using TMPDIR for creating temporary files is  that  fakeroot-ng
       is not the only one to use it. For that reason, if the environment has a variable called FAEKROOT_TMPDIR,
       its value will override that of either TMPDIR or the default /tmp directory.

       On Linux, it is usually entirely safe to point FAKEROOT_TMPDIR to /dev/shm, which  usually  lives  up  to
       expectations regarding mount mode and writability.


SECURITY CONSIDERATIONS
       Fakeroot-ng  is  a  non-SUID  executable,  and does not modify any sensitive data. It, therefor, does not
       affect the overall security of the system. One may be tempted, however, to use fakeroot-ng as a  security
       tool,  for  running  processes  with  reduced  privileges or inside a chroot jail. In addition to all the
       warnings that usually apply to using chroot jails as a  security  tool  (in  a  nutshell  -  don't),  the
       following should be understood.

       Unlike  previous  implementations, fakeroot-ng uses a technology that leaves the traced process no choice
       regarding whether it will use fakeroot-ng's "services" or not. Compiling a program  statically,  directly
       calling  the kernel and manipulating ones own address space are all techniques that can be trivially used
       to bypass LD_PRELOAD based control over a process, and do not apply to fakeroot-ng. It is, theoretically,
       possible to mold fakeroot-ng in such a way as to have total control over the traced process.

       While  it  is  theoretically  possible,  it  has  not  been done. Fakeroot-ng does assume certain "nicely
       behaved" assumptions about the process being traced, and a process that break those  assumptions  may  be
       able  to,  if not totally escape then at least circumvent some of the "fake" environment imposed on it by
       fakeroot-ng. As such, you are strongly warned against using fakeroot-ng as a security tool.  Bug  reports
       that  claim  that  a process can deliberatly (as opposed to inadvertly) escape fakeroot-ng's control will
       either be closed as "not a bug" or marked as low priority.

       It is possible that this policy be rethought in the future. For the time being, however,  you  have  been
       warned.


BUGS
       Plenty of those. See the "README" file for a list of known ones.


SEE ALSO
       fakeroot(1), fakechroot(1), ptrace(2), ld.so(8), chroot(1)


AUTHOR
       Fakeroot-ng was written by Shachar Shemesh.

       This manual page was written by Shachar Shemesh <shachar@debian.org>


PROJECT HOMEPAGE AND SUPPORT
       http://fakeroot-ng.lingnu.com

       Community    support    is    available    exclusively   through   the   project's   mailing   list,   at
       https://lists.sourceforge.net/lists/listinfo/fakerootng-devel.

       Commercial support is available through  Shachar's  company,  Lingnu  Open  Source  Consulting  Ltd.,  at
       http://www.lingnu.com