lunar (1) fakeroot-ng.1.gz

Provided by: fakeroot-ng_0.18-4.1_amd64 bug

NAME

       fakeroot-ng - run a command while making it believe it is running as root

SYNOPSIS

       fakeroot-ng [ -llogfile [-f] ] [ -ppersist_file ] [-d] command line

DESCRIPTION

       This manual page documents the fakeroot-ng command.

       Fakeroot-ng  allows  running  a process without any change to the permissions, but fooling
       the process into thinking that  it  is  running  with  root  permissions.  This  typically
       involves  intercepting  certain  system  calls the process performs and manipulating their
       results. In order for the effect to be complete enough, previous manipulations have to  be
       remembered, and consistent results returned.

       The  idea  behind fakroot-ng was first implemented by a tool called fakeroot(1). This tool
       used LD_PRELOAD of the dynamic linking to glibc in order to intercept  the  system  calls.
       While this approach is very rebust and very platform independent, it does suffer in scope.
       In  particular,  certain  operations  (mostly  the  open(2)  system  call)  could  not  be
       intercepted, which caused emulating other operations (mainly the chroot(2) system call) to
       not be supported.

       Fakeroot-ng strives to fill those gaps by using a totally different technology for  system
       call interception. Instead of using LD_PRELOAD, ptrace(2) is being used.

PARAMETERS

       -pstate_file
              Before the first process is being run, loads from state_file the information needed
              in order to maintain a consistent  view  of  file  permissions  and  owners  across
              fakeroot-ng  runs.  This  image  is  also automatically saved when the last process
              exists. If more then one instance of fakeroot-ng  is  loaded  simultaneously,  both
              with  the  same  state_file,  then  the  two  instances  will share state and their
              processes will see the same picture at runtime.

       -llog_file
              Causes fakeroot-ng to dump to log_file internal state and  processing  information.
              This is mostly useful for cases where fakeroot-ng fails to act as expected.

       -f     Causes  the log file to be flushed after every print. Guarantees that the important
              hint as to why the crash happened will be in the actual file, but has non-negligent
              performance effect. Only has effect if -l is specified.

       -d     Tells fakeroot-ng not to completely daemonize itself. This is mostly useful in case
              of crashes that cause a core dump, as the debugger would normally change  directory
              to root, which would prevent a core file from being created.

       -v     Print out the version number and copyright info and exit without doing anything.

       -h     Print out a short help screen and exit.

SIGNALS

       Sending  the  ALRM  signal  to  the  fakeroot-ng master process makes it dump to the log a
       complete list of all tracked processes, along with their parent and  current  state.  This
       is,  mostly, a debugging feature. The signal does nothing if -l is not active. Please note
       that no process executes any  system  calls  while  this  takes  place,  so  this  feature
       essentially freezes all of the debugged processes for a few seconds.

ENVIRONMENT VARIABLES AND SHARED MEMORY

       Some of the communication between fakeroot-ng and the program being fooled is done through
       a shared memory mechanism. In order to create it, fakeroot-ng creates a temporary file and
       maps  it  into  memory  as executable segment. Some systems have their /tmp folder mounted
       with the noexec flag. On those system, the mmap will fail and fakeroot-ng will not run.

       There are two environment variables that allow fakeroot-ng to find a folder in  which  the
       shared  memory  files  can be created. The first is TMPDIR. If it exists, fakeroot-ng will
       use it to create the temporary files, rather than /tmp. The problem with using TMPDIR  for
       creating  temporary  files  is  that  fakeroot-ng  is not the only one to use it. For that
       reason, if the environment has a variable called FAEKROOT_TMPDIR, its value will  override
       that of either TMPDIR or the default /tmp directory.

       On  Linux, it is usually entirely safe to point FAKEROOT_TMPDIR to /dev/shm, which usually
       lives up to expectations regarding mount mode and writability.

SECURITY CONSIDERATIONS

       Fakeroot-ng is a non-SUID  executable,  and  does  not  modify  any  sensitive  data.  It,
       therefor, does not affect the overall security of the system. One may be tempted, however,
       to use fakeroot-ng as a security tool, for running processes with  reduced  privileges  or
       inside  a  chroot jail. In addition to all the warnings that usually apply to using chroot
       jails as a security tool (in a nutshell - don't), the following should be understood.

       Unlike previous implementations, fakeroot-ng uses a  technology  that  leaves  the  traced
       process no choice regarding whether it will use fakeroot-ng's "services" or not. Compiling
       a program statically, directly calling the kernel and manipulating ones own address  space
       are  all  techniques  that can be trivially used to bypass LD_PRELOAD based control over a
       process, and do  not  apply  to  fakeroot-ng.  It  is,  theoretically,  possible  to  mold
       fakeroot-ng in such a way as to have total control over the traced process.

       While  it is theoretically possible, it has not been done. Fakeroot-ng does assume certain
       "nicely behaved" assumptions about the process being traced,  and  a  process  that  break
       those  assumptions  may be able to, if not totally escape then at least circumvent some of
       the "fake" environment imposed on it by fakeroot-ng. As  such,  you  are  strongly  warned
       against  using  fakeroot-ng  as a security tool. Bug reports that claim that a process can
       deliberatly (as opposed to inadvertly) escape fakeroot-ng's control will either be  closed
       as "not a bug" or marked as low priority.

       It  is  possible that this policy be rethought in the future. For the time being, however,
       you have been warned.

BUGS

       Plenty of those. See the "README" file for a list of known ones.

SEE ALSO

       fakeroot(1), fakechroot(1), ptrace(2), ld.so(8), chroot(1)

AUTHOR

       Fakeroot-ng was written by Shachar Shemesh.

       This manual page was written by Shachar Shemesh <shachar@debian.org>

PROJECT HOMEPAGE AND SUPPORT

       http://fakeroot-ng.lingnu.com

       Community support  is  available  exclusively  through  the  project's  mailing  list,  at
       https://lists.sourceforge.net/lists/listinfo/fakerootng-devel.

       Commercial  support  is available through Shachar's company, Lingnu Open Source Consulting
       Ltd., at http://www.lingnu.com