| 1 |
On Wed, Jul 18, 2012 at 4:02 PM, Rich Freeman <rich0@g.o> wrote: |
| 2 |
> On Wed, Jul 18, 2012 at 3:40 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 3 |
>> So your initramfs doesn't include network tools such as ping, |
| 4 |
>> traceroute or wget. Fine. Fundamentally speaking, why shouldn't |
| 5 |
>> someone else's? |
| 6 |
> |
| 7 |
> So, an initramfs is just a piece of kernel functionality. You can do |
| 8 |
> almost ANYTHING in an initramfs, subject to the limitation that it is |
| 9 |
> stored in RAM without any backing store. |
| 10 |
|
| 11 |
Yup. IIRC, it has effectively the same underlying implementation as |
| 12 |
tmpfs, using always-dirty file cache pages. |
| 13 |
|
| 14 |
> |
| 15 |
> There are lots of reasons to use an initramfs, and the biggest ones |
| 16 |
> don't pertain much to Gentoo. Here are some of the big use cases: |
| 17 |
> |
| 18 |
> 1. One-size-fits-all kernel. You want to support root and /usr on |
| 19 |
> any filesystem, on any kind of hard drive, or on a SAN, or who knows |
| 20 |
> where. That either means saying Y to every driver in the kernel, or |
| 21 |
> saying M and using an initramfs to load what is needed to get to root. |
| 22 |
> |
| 23 |
> 2. One-size-fits-all grub config. You put the smarts in the |
| 24 |
> initramfs, and use filesystem labels and such to identify partitions. |
| 25 |
> |
| 26 |
> 3. Use of labels/UUIDs on partitions. When mdadm decides to renumber |
| 27 |
> half your devices on a whim or you add a drive and everything bubbles |
| 28 |
> down by one, your system still boots. |
| 29 |
> |
| 30 |
> 4. Cleaner mounting of root, ability to fsck on initial mount, etc. |
| 31 |
> |
| 32 |
> 5. When something goes wrong you can get a dash/bash shell instead of |
| 33 |
> a grub shell. The former is clearly more useful even if you don't |
| 34 |
> have firefox+X11 in your initramfs. |
| 35 |
> |
| 36 |
> 6. Support for booting off of stuff that the kernel can't find on its |
| 37 |
> own, like SANs/etc. That might require network support in the |
| 38 |
> initramfs, and that usually isn't a big deal. If somebody can spoof |
| 39 |
> DNS on your fiber channel interface you've got bigger problems. |
| 40 |
> |
| 41 |
> Sure, the more you do with the initramfs the bigger the potential |
| 42 |
> security risks. Most distros don't have users build either kernels or |
| 43 |
> initramfs which means they can just push updates, but that requires #1 |
| 44 |
> above, which I think most Gentoo users would not appreciate. |
| 45 |
|
| 46 |
I fall into use cases 3 and 5, myself. Incidentally, bash is also |
| 47 |
network-aware. (Not sure if the default USE flag set allows it, |
| 48 |
though.) Were I to explicitly add network-aware tools, I'd probably |
| 49 |
add either ssh/sftp/scp or links. |
| 50 |
|
| 51 |
> |
| 52 |
> However, the initramfs shouldn't leave much of anything running after |
| 53 |
> it chroots, so the window should be fairly small. |
| 54 |
|
| 55 |
So is the window for spoofing DNS responses. That didn't stop DNS |
| 56 |
hijacking from being fairly easy. (And why there was a large |
| 57 |
coordinated, cross-vendor effort to add source-port randomization once |
| 58 |
it was shown to be easy.) |
| 59 |
|
| 60 |
Multi-threaded native code has been my day job for the last five |
| 61 |
years. I may be a bit biased when it comes to race conditions. |
| 62 |
|
| 63 |
-- |
| 64 |
:wq |
Archives