1 |
On Mon, 12 Sep 2011 05:59:29 PM Michael Schreckenbauer wrote: |
2 |
> Hi Canek, |
3 |
> |
4 |
> On Monday, 12. September 2011 11:35:13 Canek Peláez Valdés wrote: |
5 |
> > (This would be my only post in this new thread: I think I have made my |
6 |
> > point of view clear in the other thread). |
7 |
> > |
8 |
> > I have seen a lot of disinformation going on in the other threads |
9 |
> > (like some people suggesting that /var would not be able to be on its |
10 |
> > own partition at some point in the future). Just before everyone start |
11 |
> > to wildy conjecture, please take a look at this: |
12 |
> > |
13 |
> > http://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken |
14 |
> |
15 |
> well, the culprit here is: |
16 |
> "The binaries called from these rules are sometimes located on /usr/bin, or |
17 |
> link against libraries in /usr/lib, or use data files from /usr/share. If |
18 |
> these rules fail udev will proceed with the next one, however later on |
19 |
> applications will then not properly detect these udev devices or features |
20 |
> of these devices." |
21 |
|
22 |
|
23 |
My major worry is that udev is happily running arbitrary scripts from |
24 |
arbitrary locations early in the boot process, and is actively trying to make |
25 |
this easier. |
26 |
|
27 |
How much more Microsoft-security-ish do we want Linux to get? |
28 |
|
29 |
From a paranoid-security point of view, I think the proper solution is to just |
30 |
*insist* that all scripts/executables run from udev be located in /{s}bin * |
31 |
/lib (or even in /udev_libexec) and run all scripts from a restricted shell |
32 |
to stop them just redirecting to somplace less secure. |
33 |
|
34 |
Does udev even check to see if the scripts/executables are owned by root (a |
35 |
plus) or world writable (a big minus)? |
36 |
|
37 |
I hope it doesn't take a Linux virus/worm using udev as a vector to prompt a |
38 |
review. |
39 |
|
40 |
|
41 |
> Why doesn't udev queue failing scripts for later execution? It just assumes |
42 |
> everything is in place in the moment it needs it. This is bad design for a |
43 |
> tool, coming in so early in the boot process. |
44 |
> |
45 |
> > Also, a look at this thread is maybe justified: |
46 |
> > http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/1728/ |
47 |
> |
48 |
> Same thing here. This all basically reads "We did some really bad design |
49 |
> choices, now let's fix the surroundings." |
50 |
> The following sentence really made me laugh: |
51 |
> |
52 |
> "> If so, what does LSB say to this new directory? |
53 |
> |
54 |
> Nothing really, they just document current common practice. We might |
55 |
> request an update to LSB after it is used for a while and has shown |
56 |
> that it is what we want." |
57 |
> |
58 |
> He does not know, if the thing he designed is the thing he wants. |
59 |
> That's ridiculous! |
60 |
> |
61 |
> > Change happens. |
62 |
> |
63 |
> We already know this. |
64 |
> |
65 |
> > Regards everyone. |
66 |
> |
67 |
> Best, |
68 |
> Michael |
69 |
-- |
70 |
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol |
71 |
Before you criticize someone, you should walk a mile in their shoes. |
72 |
Then, when you do, you'll be a mile away, and you'll have their shoes. |