| 1 |
On Monday, November 28, 2016 02:39:48 PM William L. Thomson Jr. wrote: |
| 2 |
> On Monday, November 28, 2016 10:42:54 AM EST Alec Warner wrote: |
| 3 |
> > Generally speaking as a fellow who maintained thousands of systems (many |
| 4 |
> > of |
| 5 |
> > which ran various operating systems.) |
| 6 |
> > |
| 7 |
> > You cannot rely on all OS vendors to synchronize uid / gid. You cannot |
| 8 |
> > even |
| 9 |
> > rely on some single vendors to synchronize uid / gids between releases of |
| 10 |
> > their own products. |
| 11 |
> |
| 12 |
> I believe the main reason such is the case is a lack of any such list or |
| 13 |
> database for others to adhere to. Once again an area Gentoo could be |
| 14 |
> leading. Had Gentoo done this years ago others might have adopted. |
| 15 |
> |
| 16 |
> IMHO it is something that should be a part of LSB. If not POSIX in general. |
| 17 |
> One cannot really change the past or current state of things. But can make |
| 18 |
> the future better. |
| 19 |
|
| 20 |
Highly detailed lists like that--used as a broad standard--are a bad idea. |
| 21 |
They represent a single synchronization point that everyone must adhere to. |
| 22 |
|
| 23 |
That means that every prospective adjustment to the list requires active |
| 24 |
maintenance. That means that for every new daemon someone writes, they have to |
| 25 |
go through an admissions process. For every contentious fork of a project, you |
| 26 |
risk conflict over who the designated contact for the assignment should be. |
| 27 |
|
| 28 |
It adds a large bureaucratic load on everyone. Every itch some developer |
| 29 |
thinks about scratching has to be weighed against engaging with some process- |
| 30 |
laden entity. Maybe they'll participate, but they likely won't. |
| 31 |
|
| 32 |
Have you watched the IANA ports assignment registry over the years? Consider |
| 33 |
how many services and tools you've seen that *don't* respect it. |
| 34 |
|
| 35 |
And what is the list managing? A limited namespace, currently only 32 bits, |
| 36 |
but with tools like, say, Samba and sssd reserving large chunks for stable UID |
| 37 |
and GID mapping. One could argue that a stable list could obviate the need for |
| 38 |
some of that mapping, but you've got decades-old existing networks that aren't |
| 39 |
going anywhere, and you'll still need to interface with systems run by people |
| 40 |
who will deliberately run counter to such lists as a security layer, just as |
| 41 |
you interface with systems that run SSH or HTTP on nonstandard ports. |
| 42 |
|
| 43 |
You'll still run into all of these issues and more if you try generalize the |
| 44 |
list to region allocation: |
| 45 |
|
| 46 |
Say you try to assign regions for system daemons vs users, and you're on a |
| 47 |
host that interacts with two other hosts without full mutual trust. You're |
| 48 |
serving up a shared filesystem, and all three involved hosts each have a system |
| 49 |
daemon user and a system normal user with an object on that shared filesystem. |
| 50 |
|
| 51 |
Presented with a directory listing showing the UIDs and GIDs for each object, |
| 52 |
how do you distinguish between the system user from each host? The two hosts |
| 53 |
shouldn't have access to each others' files, even if they use the same UID |
| 54 |
locally, because the two hosts don't trust each other. |
| 55 |
|
| 56 |
That considered, how, then, how do you identify between another host's system |
| 57 |
user and its normal user, inasmuch as you can't let them collide with IDs on |
| 58 |
your own system, but are trying to ensure that their IDs get mapped into the |
| 59 |
correct local range? |
| 60 |
|
| 61 |
That considered, what do you do when the Big List Maintainers add another |
| 62 |
region? How do you cope with another host that uses a newer version of that |
| 63 |
list? An older version? And now that you've upgraded, and the new version of |
| 64 |
the list says you should have mapped something somewhere else, what do you do |
| 65 |
with it? Do you even have enough information to know that an ID you mapped |
| 66 |
last year should have been in that other category? |
| 67 |
|
| 68 |
And while we're talking about allocating ranges, we can start talking about |
| 69 |
limited address space. 32 bits seems like a lot of individual identities, but |
| 70 |
when you're carving it up into multiple masses of identities, you'll find it |
| 71 |
gets very small, very quickly. That's why IPv6 went with 128 bits instead of a |
| 72 |
64 bit address space. |
| 73 |
|
| 74 |
All of this is why we use identity management tools like LDAP in the first |
| 75 |
place. Heck, it's why we have passwd and group files for mapping names to ids |
| 76 |
and didn't simply hardcode system IDs decades ago. |
| 77 |
|
| 78 |
-- |
| 79 |
:wq |
Archives