X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7EBED385840C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1693212666;
	bh=ifoqK1ux21ktetJ2ayWnltxboVZtMeSTyqrr+4a+JHw=;
	h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=bfje/G6MEGZCCnsC9iUCjP7Kmu/MWgDm0QmkjLg5ggg8myfALLCc/oz2SCPVUDA2u
	 j9ULYm4uK24DRisO5zrzvb401LAjWXbGpxm2mHdhvBoazTAmfhWD+Uj+KRiRnLwUpt
	 zZg9DT6g/huxyKJ33+kEep0GLu4rU3BbXtQSS37k=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DD6F53858D38
Date: Mon, 28 Aug 2023 10:50:49 +0200
To: cygwin AT cygwin DOT com
Subject: Re: process substitution to create a virtual file doesn't work in
 chroot environment
Message-ID: <ZOxf6QOIRAciCVE6@calimero.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CAEF1h+XMtnd0_28cLNnEB2Q+XAxXE3VMZtXh9LLQzeP7n-fAJw AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAEF1h+XMtnd0_28cLNnEB2Q+XAxXE3VMZtXh9LLQzeP7n-fAJw@mail.gmail.com>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On Aug 27 18:13, Cary Lewis via Cygwin wrote:
> In a cygwin process that is started either from mintty or bash directly the
> following:
> 
> $ user=234
> 
> $ ./cat <(echo $user)
> 234
> works as expected.
> 
> But after a chroot:

From https://cygwin.com/cygwin-ug-net/highlights.html:

  chroot is supported. Kind of. Chroot is not a concept known by
  Windows. This implies some serious restrictions. First of all, the
  chroot call isn't a privileged call. Any user may call it. Second, the
  chroot environment isn't safe against native windows processes.  Given
  that, chroot in Cygwin is only a hack which pretends security where
  there is none. For that reason the usage of chroot is discouraged.
  Don't use it unless you really, really know what you're doing.

> $ chroot . ./bash
> user=234
> $  ./cat <(echo $user)
> ./cat: /dev/fd/63: No such file or directory
> 
> In the directory I am chrooting in, I created a tmp folder, as well as
> proc, proc/self, and proc/self/fd, and a dev directory.
> 
> Can someone explain why process substitution to create a virtual file
> doesn't work in a chroot environment?

/dev/fd is a symlink pointing into nirvana after using chroot.

/dev/fd symlinks to /proc/self/fd, but in the chroot'ed environment
there's no /proc anymore.

I would like to underline what is written in the above Cygwin
documentation snippet:

The chroot implementation is old, bad, and deprecated.  I was going
to rip it out entirely for I don't know how often already, but there
was always somebody asking to keep it.  Given that it never did what
chroot is intended, don't use it.


Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple