
Re: ifupdown writes to /etc... a bug?



On Sat, 22 Mar 2003 22:00, Thomas Hood wrote:
> Russell Coker wrote:
> > Why force developers to do more work for a ro root
> > than is being done for more serious security measures.
>
> The two measures aren't mutually exclusive.
>
> Is it a lot of work to implement /run?

If it was not a lot of work then it would have been done without such a long 
discussion.

Really good ideas are not known for being complex and fiddly to implement, 
really good ideas often hit you with a "doh, this is too easy that I should 
have solved it when I was a 10yo" moment.  When something requires huge 
amounts of hackery you have to question whether it's desirable.

I believe that the people who want a ro root FS are in a tiny minority, and 
that things can be best solved if they hack the few scripts in question 
themselves.  Such people undoubtedly have other unusual requirements and are 
hacking things to their own desires anyway.

> If it is decided
> that the idea is sound, then maintainers can just start
> moving their run-time state files under /run.  Also,
> somewhere must be documented the new requirement that
> /run must be rw, local, and persistent-until-reboot --
> whether it be a directory on the root filesystem or a
> tmpfs or whatever.  Then there is getting the FHS
> changed; that will be the most work.

Things to do:
1)  Change programs such as mount.
2)  Solve issues of supporting different kernels (2.2.x doesn't have tmpfs).
3)  Convince the FHS people (as if that's ever going to happen).
4)  Change all applications that write to /etc and put in sym-links for 
applications that read from it (*).
5)  Deal with on-going issues because almost no developers run their machines 
in such a fashion.

(*)  A short list for 4 is:
mount
sendmail daemon
sendmail -t run by the user for some mail servers
Various daemon start scripts.
ntpd
hotplug
passwd/chfn/chsh/etc
useradd/userdel/etc
samba
Some file system administrative programs.


The problems don't end here however.  One thing to consider is that increasing 
complexity is the enemy of security.  The idea for /run may help security on 
a small minority of systems at the cost of making things needlessly more 
complex on the majority of systems.

Please note well that I have been careful to avoid making SE Linux related 
requests of other developers that would have a negative impact on non-SE 
systems.  For most of my requests I provide clear reasons for doing what I 
desire even if there are no plans to use SE Linux so that the majority of 
users (who don't use SE Linux) will benefit.


Now back to the original issue of writing to /etc.  I don't have a problem 
with having a different location for such writable files.  I believe that 
having a clear separation between writable files and read-only files is a 
good thing as it simplifies system administration in many ways.  For daemons 
using /var for such files is already the recommended policy.

As we already do this for the easy things, wouldn't it be easier for someone 
who wants to do this to just maintain a repository of modified packages to 
provide this?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page