| 1 |
On Thu, Jul 13, 2017 at 10:58 AM, Andrew Savchenko <bircoph@g.o> wrote: |
| 2 |
> On Thu, 13 Jul 2017 10:29:06 -0400 Mike Gilbert wrote: |
| 3 |
>> On Thu, Jul 13, 2017 at 7:35 AM, M. J. Everitt <m.j.everitt@×××.org> wrote: |
| 4 |
>> > On 13/07/17 12:09, Rich Freeman wrote: |
| 5 |
>> >> Presumably you'd only want to remount it if it was mounted ro to |
| 6 |
>> >> start, since it sounds like openrc will be diverging from systemd |
| 7 |
>> >> behavior here. |
| 8 |
>> >> |
| 9 |
>> >> While it seems like a good idea I'm not sure how big an improvement it |
| 10 |
>> >> is in the larger scheme. We're worried about root accidentially |
| 11 |
>> >> modifying efivars, but we have no safeguards against root writing to |
| 12 |
>> >> /dev/sda, and the latter seems much more likely to cause harm, and is |
| 13 |
>> >> harder to fix. |
| 14 |
>> >> |
| 15 |
>> > In case you weren't aware, Rich, rewriting the efivars actually writes |
| 16 |
>> > to the system BIOS, which renders the computer completely unbootable .. |
| 17 |
>> > not quite the same as erasing the boot sector of your hard disk, where |
| 18 |
>> > you simply plug in another device, and Off you go ... |
| 19 |
>> > |
| 20 |
>> |
| 21 |
>> We are actually talking about protecting people who run something like |
| 22 |
>> rm -rf /sys/firmware/efi/efivars/ as root. |
| 23 |
>> |
| 24 |
>> If you are dumb enough to do something like that, you almost deserve |
| 25 |
>> to spend a couple hundred on a new motherboard. |
| 26 |
> |
| 27 |
> Or just rm -rf / |
| 28 |
> [pedantic] |
| 29 |
> of course with newer rm versions one needs to run: |
| 30 |
> rm -rf --no-preserve-root / |
| 31 |
> or |
| 32 |
> rm -rf /* /.* |
| 33 |
> [/pedantic] |
| 34 |
> |
| 35 |
> But in some scenarios this command is normal. E.g. user installs |
| 36 |
> Gentoo from some live dvd/flash, makes some mistakes, understands |
| 37 |
> that system is broken beyond repair and decides to start over again. |
| 38 |
> If there is no need to recreate filesystem itself or partition |
| 39 |
> layout, running rm -rf / as above is quite reasonable. |
| 40 |
> |
| 41 |
> When running this command user expects to kill the data, but not |
| 42 |
> the hardware. That is my point. I can't call such action dumb. |
| 43 |
> |
| 44 |
> Best regards, |
| 45 |
> Andrew Savchenko |
| 46 |
|
| 47 |
Point taken. |
| 48 |
|
| 49 |
Although, if the user is in the process of installing Gentoo, efivarfs |
| 50 |
is likely to be mounted rw anyway so that the user can install a boot |
| 51 |
loader. Having grub-install perform the remount would minimize this |
| 52 |
small risk I suppose. |
Archives