Gentoo Archives: gentoo-user

From: Paul Colquhoun <paulcol@×××××××××××××××××.au>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] udev + /usr
Date: Tue, 13 Sep 2011 07:30:28
Message-Id: 2387970.DMxu7Vsxid@tux
In Reply to: Re: [gentoo-user] udev + /usr by Michael Schreckenbauer
1 On Mon, 12 Sep 2011 05:59:29 PM Michael Schreckenbauer wrote:
2 > Hi Canek,
3 >
4 > On Monday, 12. September 2011 11:35:13 Canek Peláez Valdés wrote:
5 > > (This would be my only post in this new thread: I think I have made my
6 > > point of view clear in the other thread).
7 > >
8 > > I have seen a lot of disinformation going on in the other threads
9 > > (like some people suggesting that /var would not be able to be on its
10 > > own partition at some point in the future). Just before everyone start
11 > > to wildy conjecture, please take a look at this:
12 > >
13 > > http://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
14 >
15 > well, the culprit here is:
16 > "The binaries called from these rules are sometimes located on /usr/bin, or
17 > link against libraries in /usr/lib, or use data files from /usr/share. If
18 > these rules fail udev will proceed with the next one, however later on
19 > applications will then not properly detect these udev devices or features
20 > of these devices."
21
22
23 My major worry is that udev is happily running arbitrary scripts from
24 arbitrary locations early in the boot process, and is actively trying to make
25 this easier.
26
27 How much more Microsoft-security-ish do we want Linux to get?
28
29 From a paranoid-security point of view, I think the proper solution is to just
30 *insist* that all scripts/executables run from udev be located in /{s}bin *
31 /lib (or even in /udev_libexec) and run all scripts from a restricted shell
32 to stop them just redirecting to somplace less secure.
33
34 Does udev even check to see if the scripts/executables are owned by root (a
35 plus) or world writable (a big minus)?
36
37 I hope it doesn't take a Linux virus/worm using udev as a vector to prompt a
38 review.
39
40
41 > Why doesn't udev queue failing scripts for later execution? It just assumes
42 > everything is in place in the moment it needs it. This is bad design for a
43 > tool, coming in so early in the boot process.
44 >
45 > > Also, a look at this thread is maybe justified:
46 > > http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/1728/
47 >
48 > Same thing here. This all basically reads "We did some really bad design
49 > choices, now let's fix the surroundings."
50 > The following sentence really made me laugh:
51 >
52 > "> If so, what does LSB say to this new directory?
53 >
54 > Nothing really, they just document current common practice. We might
55 > request an update to LSB after it is used for a while and has shown
56 > that it is what we want."
57 >
58 > He does not know, if the thing he designed is the thing he wants.
59 > That's ridiculous!
60 >
61 > > Change happens.
62 >
63 > We already know this.
64 >
65 > > Regards everyone.
66 >
67 > Best,
68 > Michael
69 --
70 Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol
71 Before you criticize someone, you should walk a mile in their shoes.
72 Then, when you do, you'll be a mile away, and you'll have their shoes.