How to Give Root Privileges to install-pkg
Of course, in Repl.it, we do not have sudo or the ability to change to a superuser through su. Since apt requires root privileges, we must use install-pkg instead. Though, it seems that install-pkg does not have full root privileges as it does not seem to be able to write to the /usr/share/ directory when trying to install open-cobol to run COBOL in Repl.it.
Is it possible to give full root privileges to install-pkg? If so, how do you do it?
Also, I have another question with this: Since Repl.it uses only local file systems for the Ubuntu VMs on which almost every repl runs, why are root privileges denied to replitors? If we had root privileges in repls, we could also use apt, dpkg, etc. and could do so much more with Repl.it, but we can't do it because we don't have sudo or a password for su. @amasad, could you explain this?
Because if you ever escape the container "jail" you could get sudo on the host where we run other people's code. Maybe @kochman can explain it better.
@amasad So, if you can get past the local filesystem, you could end up accessing the Repl.it servers? Is that what you mean? I thought repls used a VM, not just a sandboxed command line...
@AmazingMech2418 repls are Docker containers, not whole VMs. This is how we’re able to give everyone so many resources for free and give even more resources to Hackers in exchange for just a few dollars a month.
We take a layered approach to security, and one important part is to grant fewer privileges to untrusted code. There have been exploits where root inside a container can be used to obtain root on the host.
There’s probably a way to install OpenCOBOL/GnuCOBOL from source without root inside of your repl if you’re up for giving that a try. Also, our base Docker image that we run repls on top of is open source, so you could try installing it there and opening a PR! https://github.com/replit/polygott
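As an added example that is not part of the thread and not Repl.it's own tooling: a small auditor that reads a Linux process's /proc status text and reports what "fewer privileges" looks like in practice (effective uid, effective capabilities, the no_new_privs flag). The sample status texts are constructed, and the choice of which capabilities count as high-risk is an assumption of this example.

```python
"""Audit a Linux process's privileges from /proc/<pid>/status text."""

# Capability bit numbers from linux/capability.h (only a subset is named).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 10: "CAP_NET_BIND_SERVICE",
    12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW", 16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT", 19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN", 27: "CAP_MKNOD", 29: "CAP_AUDIT_WRITE",
    31: "CAP_SETFCAP",
}
# Assumption of this example: capabilities an untrusted workload should not hold.
HIGH_RISK = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
             "CAP_SYS_RAWIO", "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN"}

# Constructed samples: an unprivileged user, root with Docker's default
# capability set, and root with every capability bit 0..37 set.
UNPRIVILEGED = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\nNoNewPrivs:\t1\n"
DOCKER_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\n"
PRIVILEGED = "Uid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\nNoNewPrivs:\t0\n"


def audit(status_text):
    """Return effective uid, decoded capabilities and a list of findings."""
    pairs = (line.split(":", 1) for line in status_text.splitlines() if ":" in line)
    fields = {key.strip(): value.strip() for key, value in pairs}
    euid = int(fields["Uid"].split()[1])      # order: real, effective, saved, fs
    mask = int(fields["CapEff"], 16)          # effective capability bitmask
    caps = [CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if mask >> bit & 1]
    findings = []
    if euid == 0:
        findings.append("runs as uid 0")
    risky = sorted(set(caps) & HIGH_RISK)
    if risky:
        findings.append("high-risk capabilities: " + ", ".join(risky))
    if fields.get("NoNewPrivs", "0") != "1":
        findings.append("no_new_privs is not set (setuid binaries can raise privileges)")
    return {"euid": euid, "caps": caps, "findings": findings}


if __name__ == "__main__":
    with open("/proc/self/status") as fh:     # audit the current process
        for finding in audit(fh.read())["findings"] or ["no findings"]:
            print(finding)
```
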
@amasad oh so this is why sudo doesn't work
@kochman @amasad I'm guessing that Docker has to run on Linux, preferably Ubuntu or some other Debian-based distro. Unfortunately, I do not yet have a Linux computer and VirtualBox has been messing up lately for me. So, what should I do for testing purposes? I tried setting up Docker in a repl, but it didn't work. I get the following error for the make image command:
Since I don't have a Linux device to run Docker on, should I just try to submit a PR and could someone at Repl.it test the Docker image for COBOL?
I will also try building from source code, but I'm not 100% sure that will work.
@AmazingMech2418 Unfortunately running Docker inside your repl doesn’t work. It requires lots of privileges that could lead to security issues if granted to untrusted users.
You should be able to run Docker on Windows. I believe there’s an official path for this that runs a Linux VM for you. I don’t have a Windows machine to try it out but I think there is a way to build polygott on Windows.