[distcc] Restrict Distcc over SSH (command parameter)

Fergus Henderson fergus at google.com
Tue Nov 18 02:15:46 MST 2014 

On 17 Nov 2014 18:52, "Martin Pool" <mbp at sourcefrog.net> wrote:
>
> Hi, Sebastian,
>
> I don't recall the exact command, but it's probably going to be `distccd
--inet ...something...`. You might be able to see it in the distcc verbose
log.
>
> Being able to restrict the command would be good.
>
> However the main problem with this approach is that distccd in turn
executes a client-supplied command, and it at the moment doesn't have a way
to limit that.

Actually we do have a way to limit that, via commands.allow.sh which is
executed by /etc/init.d/distccd and which sets environment variables used
by distccd.

See the following extract from the distccd man page:

-----
*ENVIRONMENT VARIABLES*

*DISTCC_**CMDLIST*
If the environment variable DISTCC_CMDLIST is set, load a list of supported
commands from the file named by DISTCC_CMDLIST, and refuse to serve any
command whose last DISTCC_CMDLIST_MATCHWORDS last words do not match those
of a command in that list. See the comments in src/serve.c.

*DISTCC_**CMDLIST**_**NUMWORDS*
The number of words, from the end of the command, to match. The default is
1.
----

> Two complementary things we could do:
> - run distcc within a chroot/container that contains only the compiler -
ideally, provide a reusable way for other people to set this up - at least
documentation, maybe a script
> - give distccd restrictions on what commands it can run
>
>
> On Sun Nov 09 2014 at 7:29:12 AM Sebastian Wieseler <
sebastian at nanofortnight.org> wrote:
>>
>> Hello Distcc List,
>>
>> I followed the guide http://wiki.gentoo.org/wiki/Distcc to get Distcc to
work with SSH.
>> That should work as followed:
>>         /usr/bin/distcc-config --set-hosts "@test1"
>>
>> I just wondering how to limit the portage user to get a real SSH shell
on the "compiling box".
>> There should be a way with the .authorized_keys and the command="…"
parameter for the SSH key.
>>
>> What command will be exactly executed on the remote host within the
distcc call?
>> To just specify command="/usr/bin/distcc" does not work for example.
>>
>> Is there a way to make this even more secure? I couldn't find any
information on this on the web.
>> Thanks for helping.
>>
>> Best Regards,
>> Sebastian 'kickino'
>> --
>>   ,= ,-_-. =.           /"\
>>  ((_/)o o(\_))          \ /    ASCII Ribbon Campaign
>>   `-'(. .)`-'   &&       X      against HTML e-mail
>>       \_/               / \
>>
>>
>> __
>> distcc mailing list            http://distcc.samba.org/
>> To unsubscribe or change options:
>> https://lists.samba.org/mailman/listinfo/distcc
>
>
> __
> distcc mailing list            http://distcc.samba.org/
> To unsubscribe or change options:
> https://lists.samba.org/mailman/listinfo/distcc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/distcc/attachments/20141118/a86c82ea/attachment.html>

More information about the distcc mailing list