| 1 |
On 04/01/2022 20.18, Michael Orlitzky wrote: |
| 2 |
> On Tue, 2022-01-04 at 19:26 +0100, Piotr Karbowski wrote: |
| 3 |
>> |
| 4 |
>> And none of which happens unless you intentionally trigger it. |
| 5 |
>> |
| 6 |
>> ... |
| 7 |
>> |
| 8 |
>> Sure, acl and how chmod manipulate mask on ACL-enabled entities is not |
| 9 |
>> very simple, but nothing will break by itself just because you have acl |
| 10 |
>> support enabled, you would need to try very hard to run into problems. |
| 11 |
>> |
| 12 |
>> |
| 13 |
> |
| 14 |
> Even if you're right, and if no other tools invoke tar, and the user is |
| 15 |
> smart enough not to copy/paste commands from the web, and if no other |
| 16 |
> archivers can extract ACLs when invoked directly or indirectly... |
| 17 |
> you're still burdening the user to either have faith that this is all |
| 18 |
> true, or to verify it himself. Repeat the argument for other flags like |
| 19 |
> ipv6, and you wind up requiring either a lot of faith, or a lot of |
| 20 |
> diligence, both of which are antithetical to basic principles of |
| 21 |
> security. |
| 22 |
> |
| 23 |
> You may not buy the argument, but it's why people disable this stuff, |
| 24 |
> and the ability to disable it is why a lot of our users user Gentoo to |
| 25 |
> begin with. |
| 26 |
|
| 27 |
I was challenging here your opinion that most people should disable acl |
| 28 |
support. |
| 29 |
|
| 30 |
And what I showed is that, by keeping it enabled, does not bring on you |
| 31 |
potential problems beside possible security issues in the code that you |
| 32 |
keep around and not want to have around. |
| 33 |
|
| 34 |
Sure, there are valid reasons to strip things from kernel, I've seen |
| 35 |
some tor nodes running kernel without input devices all out of |
| 36 |
initramfs, such usecase do make sense. |
| 37 |
|
| 38 |
However I am strongly against opinion that most people should not enable |
| 39 |
acl, unless you have 16 MB NOR flash storage and every kB of kernel |
| 40 |
image counts, but then it's unlikely that you'd use gentoo there in the |
| 41 |
first place, since bundling headers and whole toolchain would east a lot |
| 42 |
of storage. |
| 43 |
|
| 44 |
I know there are people who love to disable things, there are even |
| 45 |
people who says that pam is bloatware and strip it, or people who, |
| 46 |
security reason as they claim, refuse to use logind provider (elogind or |
| 47 |
systemd) and instead choose to run Xorg as root. |
| 48 |
|
| 49 |
-- Piotr. |
Archives