cancer 8 2024-07-25 cancer manual

NAME

cancer - semi-chroot for executing bloatware

SYNOPSIS

cancer confname [bloatware] [args]

DESCRIPTION

cancer is a suid root program that loads a root-owned config file, creates a new chroot-like environment using Linux namespace(s) and executes a typically unprivileged process within that environment.

The intention is to install a modern Linux distribution in a chroot, then execute bloatware from within that installation on the host system in a way that the bloatware picks up shared libraries and data files from the chroot but otherwise fully integrates into the host system's environment.

Config files are root-owned plain text files in /etc/cancer with file names including only alphanumeric characters, dashes and underscores. They contain cancer command line arguments separated by whitespace (newlines included). The usual shell syntax with quotes and backslashes works. There are no comments.

The config file always sets up the environment; cancer's own command line arguments are limited to specifying the bloatware's path and arguments. This is for security: cancer is a suid-root program and can make mounts and execute commands as root via the configuration.

cancer sets up a new argument list that starts with a dummy argv[0] then has all arguments from the config file followed by all arguments from cancer's own command line.

If the config file has a "--" argument, it may specify the bloatware command, and optionally the first few arguments to the bloatware, after it. This way any user-supplied command line arguments passed to cancer are only appended to the bloatware command line and the user cannot specify which executable to run.

If the config file doesn't contain a "--" argument, cancer appends "--" after the last argument loaded from the config file, making sure user-supplied command line arguments cannot be interpreted as config items.
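
The argument merge described above, together with the config file name rule, sketched in C as an added example. This is not cancer's own source: the function names valid_confname and merge_args and the sample values in main are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Config names may hold only alphanumerics, '-' and '_', so a name can
   never contain '/' or '.' and reach a file outside /etc/cancer. */
int valid_confname(const char *name)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
    return name != NULL && *name != '\0' && name[strspn(name, ok)] == '\0';
}

/* Build: dummy argv[0], config tokens, "--" if the config had none, then the
   user's args. NULL-terminated result; *sep gets the index of the first "--". */
char **merge_args(char **conf, int nconf, char **user, int nuser, int *sep)
{
    static char dummy[] = "cancer", dashes[] = "--";
    char **out = calloc((size_t)nconf + (size_t)nuser + 3, sizeof *out);
    int n = 0, i;
    if (out == NULL)
        return NULL;
    *sep = -1;
    out[n++] = dummy;
    for (i = 0; i < nconf; i++) {
        if (*sep < 0 && strcmp(conf[i], "--") == 0)
            *sep = n;
        out[n++] = conf[i];
    }
    if (*sep < 0) {              /* config did not end option parsing */
        *sep = n;
        out[n++] = dashes;
    }
    for (i = 0; i < nuser; i++)  /* user input always lands after "--" */
        out[n++] = user[i];
    out[n] = NULL;
    return out;
}

int main(void)
{
    /* Constructed sample: config tokens, then a user trying to pass -u. */
    char *conf[] = { "-e", "VAR=value" }, *user[] = { "-u", "root" };
    int sep, i;
    char **av = merge_args(conf, 2, user, 2, &sep);
    for (i = 0; av != NULL && av[i] != NULL; i++)
        printf("%s%s", av[i], av[i + 1] ? " " : "\n");
    free(av);
    return 0;
}
```

The separation only holds if the option parser that later walks this list stops at the first "--", which is why the index of that first separator is returned alongside the list.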

If the configuration doesn't have an explicit user switch (the -u argument), cancer drops root privileges and switches back to the calling user right before executing bloatware.

A typical configuration file sets a few environment variables with -e and makes a few mounts with -m. When no -u and -g are used in the config, bloatware is run at the end with the same user ID and group IDs that executed cancer.

SEE ALSO
