Re: ifupdown writes to /etc... a bug?
On Sat, 22 Mar 2003 22:00, Thomas Hood wrote:
> Russell Coker wrote:
> > Why force developers to do more work for a ro root
> > than is being done for more serious security measures.
> The two measures aren't mutually exclusive.
> Is it a lot of work to implement /run?
If it was not a lot of work then it would have been done without such a long
Really good ideas are not known for being complex and fiddly to implement,
really good ideas often hit you with a "doh, this is so easy that I should
have solved it when I was a 10yo" moment. When something requires huge
amounts of hackery you have to question whether it's desirable.
I believe that the people who want a ro root FS are in a tiny minority, and
that things can be best solved if they hack the few scripts in question
themselves. Such people undoubtedly have other unusual requirements and are
hacking things to their own desires anyway.
> If it is decided
> that the idea is sound, then maintainers can just start
> moving their run-time state files under /run. Also,
> somewhere must be documented the new requirement that
> /run must be rw, local, and persistent-until-reboot --
> whether it be a directory on the root filesystem or a
> tmpfs or whatever. Then there is getting the FHS
> changed; that will be the most work.
Things to do:
1) Change programs such as mount.
2) Solve issues of supporting different kernels (2.2.x doesn't have tmpfs).
3) Convince the FHS people (as if that's ever going to happen).
4) Change all applications that write to /etc and put in sym-links for
applications that read from it (*).
5) Deal with on-going issues because almost no developers run their machines
in such a fashion.
(*) A short list for 4 is:
sendmail -t run by the user for some mail servers
Various daemon start scripts.
Some file system administrative programs.
The problems don't end here however. One thing to consider is that increasing
complexity is the enemy of security. The idea for /run may help security on
a small minority of systems at the cost of making things needlessly more
complex on the majority of systems.
Please note well that I have been careful to avoid making SE Linux related
requests of other developers that would have a negative impact on non-SE
systems. For most of my requests I provide clear reasons for doing what I
desire even if there are no plans to use SE Linux so that the majority of
users (who don't use SE Linux) will benefit.
Now back to the original issue of writing to /etc. I don't have a problem
with having a different location for such writable files. I believe that
having a clear separation between writable files and read-only files is a
good thing as it simplifies system administration in many ways. For daemons
using /var for such files is already the recommended policy.
As we already do this for the easy things, wouldn't it be easier for someone
who wants to do this to just maintain a repository of modified packages to

http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
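An added illustration of the separation the message argues for (writable run-time state kept out of /etc), not code from the thread or from any Debian package: a POSIX sh fragment that checks whether the root filesystem is mounted read-only, picks the first writable candidate directory for run-time state (/run as proposed in the thread, then /var/run, then whatever the caller supplies), and writes a state file there atomically. The candidate paths and the sample state file are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): choose a writable location
# for run-time state instead of writing under /etc, and report whether / is
# read-only. Paths below are assumed for illustration.

# is_writable_dir DIR -> status 0 if DIR exists and a file can be created in it
is_writable_dir() {
    [ -d "$1" ] || return 1
    t="$1/.rwtest.$$"
    ( : > "$t" ) 2>/dev/null || return 1
    rm -f "$t"
    return 0
}

# root_is_ro -> status 0 if / is mounted read-only according to /proc/mounts,
# status 1 if it is read-write (or /proc/mounts is unavailable)
root_is_ro() {
    # /proc/mounts fields: device mountpoint fstype options ...
    awk '$2 == "/" {
             n = split($4, o, ",")
             for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1
         }
         END { exit found ? 0 : 1 }' /proc/mounts 2>/dev/null
}

# runtime_dir DIR... -> prints the first writable directory among the
# arguments; status 1 if none is usable (the caller then has no safe place
# for state and should fail loudly rather than fall back to /etc)
runtime_dir() {
    for d in "$@"; do
        if is_writable_dir "$d"; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# write_state DIR NAME CONTENT -> writes CONTENT to DIR/NAME via a temporary
# file and rename, so readers never see a partially written state file
write_state() {
    dir=$1; name=$2; content=$3
    tmpf="$dir/.$name.tmp.$$"
    printf '%s\n' "$content" > "$tmpf" || return 1
    mv -f "$tmpf" "$dir/$name"
}

# Typical use: prefer /run, then /var/run, then a caller-supplied fallback.
# state_dir=$(runtime_dir /run /var/run /tmp/myapp-state) || exit 1
# write_state "$state_dir" ifstate "eth0=eth0"
# root_is_ro && echo "root is read-only; state lives in $state_dir"
```

The point of the fallback order is that the script never has to know whether /run is a tmpfs or a plain directory on a read-write root; it only needs a directory it can actually write to, which matches the "rw, local, persistent-until-reboot" requirement quoted in the message.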