How to Give Root Privileges to install-pkg
Of course, in Repl.it, we do not have sudo
or the ability to change to a superuser through su
. Since apt requires root privileges, we must use install-pkg
instead. Though, it seems that install-pkg
does not have full root privileges as it does not seem to be able to write to the /usr/share/
directory when trying to install open-cobol
to run COBOL in Repl.it.
Is it possible to give full root privileges to install-pkg
? If so, how do you do it.
Also, I have another question with this: Since Repl.it uses only local file systems for the Ubuntu VMs on which almost every repl runs, why are root privileges denied to replitors? If we had root privileges in repls, we could also use apt, dpkg, etc. and could do so much more with Repl.it, but we can't do it because we don't have sudo
or a password for su
.
Because if you ever escape the container "jail" you could get sudo on the host where we run other people's code. Maybe
@kochman can explain it better.We take a layered approach to security, and one important part is to grant fewer privileges to untrusted code. There have been exploits where root inside a container can be used to obtain root on the host.
There’s probably a way to install OpenCOBOL/GnuCOBOL from source without root inside of your repl if you’re up for giving that a try. Also, our base Docker image that we run repls on top of is open source, so you could try installing it there and opening a PR! https://github.com/replit/polygott
make image
command:Since I don't have a Linux device to run Docker on, should I just try to submit a PR and could someone at Repl.it test the Docker image for COBOL?
I will also try building from source code, but I'm not 100% sure that will work.
You should be able to run Docker on Windows. I believe there’s an official path for this that runs a Linux VM for you. I don’t have a Windows machine to try it out but I think there is a way to build polygott on Windows.