| 1 |
On Mon, 12 Sep 2011 05:59:29 PM Michael Schreckenbauer wrote: |
| 2 |
> Hi Canek, |
| 3 |
> |
| 4 |
> On Monday, 12. September 2011 11:35:13 Canek Peláez Valdés wrote: |
| 5 |
> > (This would be my only post in this new thread: I think I have made my |
| 6 |
> > point of view clear in the other thread). |
| 7 |
> > |
| 8 |
> > I have seen a lot of disinformation going on in the other threads |
| 9 |
> > (like some people suggesting that /var would not be able to be on its |
| 10 |
> > own partition at some point in the future). Just before everyone start |
| 11 |
> > to wildy conjecture, please take a look at this: |
| 12 |
> > |
| 13 |
> > http://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken |
| 14 |
> |
| 15 |
> well, the culprit here is: |
| 16 |
> "The binaries called from these rules are sometimes located on /usr/bin, or |
| 17 |
> link against libraries in /usr/lib, or use data files from /usr/share. If |
| 18 |
> these rules fail udev will proceed with the next one, however later on |
| 19 |
> applications will then not properly detect these udev devices or features |
| 20 |
> of these devices." |
| 21 |
|
| 22 |
|
| 23 |
My major worry is that udev is happily running arbitrary scripts from |
| 24 |
arbitrary locations early in the boot process, and is actively trying to make |
| 25 |
this easier. |
| 26 |
|
| 27 |
How much more Microsoft-security-ish do we want Linux to get? |
| 28 |
|
| 29 |
From a paranoid-security point of view, I think the proper solution is to just |
| 30 |
*insist* that all scripts/executables run from udev be located in /{s}bin * |
| 31 |
/lib (or even in /udev_libexec) and run all scripts from a restricted shell |
| 32 |
to stop them just redirecting to somplace less secure. |
| 33 |
|
| 34 |
Does udev even check to see if the scripts/executables are owned by root (a |
| 35 |
plus) or world writable (a big minus)? |
| 36 |
|
| 37 |
I hope it doesn't take a Linux virus/worm using udev as a vector to prompt a |
| 38 |
review. |
| 39 |
|
| 40 |
|
| 41 |
> Why doesn't udev queue failing scripts for later execution? It just assumes |
| 42 |
> everything is in place in the moment it needs it. This is bad design for a |
| 43 |
> tool, coming in so early in the boot process. |
| 44 |
> |
| 45 |
> > Also, a look at this thread is maybe justified: |
| 46 |
> > http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/1728/ |
| 47 |
> |
| 48 |
> Same thing here. This all basically reads "We did some really bad design |
| 49 |
> choices, now let's fix the surroundings." |
| 50 |
> The following sentence really made me laugh: |
| 51 |
> |
| 52 |
> "> If so, what does LSB say to this new directory? |
| 53 |
> |
| 54 |
> Nothing really, they just document current common practice. We might |
| 55 |
> request an update to LSB after it is used for a while and has shown |
| 56 |
> that it is what we want." |
| 57 |
> |
| 58 |
> He does not know, if the thing he designed is the thing he wants. |
| 59 |
> That's ridiculous! |
| 60 |
> |
| 61 |
> > Change happens. |
| 62 |
> |
| 63 |
> We already know this. |
| 64 |
> |
| 65 |
> > Regards everyone. |
| 66 |
> |
| 67 |
> Best, |
| 68 |
> Michael |
| 69 |
-- |
| 70 |
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol |
| 71 |
Before you criticize someone, you should walk a mile in their shoes. |
| 72 |
Then, when you do, you'll be a mile away, and you'll have their shoes. |
Archives