1 |
On Thu, Jul 13, 2017 at 7:35 AM, M. J. Everitt <m.j.everitt@×××.org> wrote: |
2 |
> On 13/07/17 12:09, Rich Freeman wrote: |
3 |
>> Presumably you'd only want to remount it if it was mounted ro to |
4 |
>> start, since it sounds like openrc will be diverging from systemd |
5 |
>> behavior here. |
6 |
>> |
7 |
>> While it seems like a good idea I'm not sure how big an improvement it |
8 |
>> is in the larger scheme. We're worried about root accidentially |
9 |
>> modifying efivars, but we have no safeguards against root writing to |
10 |
>> /dev/sda, and the latter seems much more likely to cause harm, and is |
11 |
>> harder to fix. |
12 |
>> |
13 |
> In case you weren't aware, Rich, rewriting the efivars actually writes |
14 |
> to the system BIOS, which renders the computer completely unbootable .. |
15 |
> not quite the same as erasing the boot sector of your hard disk, where |
16 |
> you simply plug in another device, and Off you go ... |
17 |
> |
18 |
|
19 |
We are actually talking about protecting people who run something like |
20 |
rm -rf /sys/firmware/efi/efivars/ as root. |
21 |
|
22 |
If you are dumb enough to do something like that, you almost deserve |
23 |
to spend a couple hundred on a new motherboard. |