Matt Taggart <taggart@debian.org> wrote:
[...]
> * I still see the floppy and parallel port module load on many of my
> systems because the superio/southbridge/etc happened to have that
> device in case the system designer wanted to use it. It's time for
> this stuff to go away.
Sounds like a BIOS bug or misconfiguration. In any case I don't think
those devices will be accessible by unprivileged users.
> * firewire is a particular risk, it could be argued that even if the
> hardware _is_ present, the user should have to opt-in to enabling it
I haven't seen a computer shipped with Firewire ports for a good few
years. If they're present then they're probably on an add-on card that
the user wants to use.
> * Debian is cool because it still runs great on old systems, we don't
> want to prevent that, but it would be nice to leave the old baggage
> in a separate package (ISA, old network standards, old filesystems,
> anything that stopped being produced 20+ years ago).
I agree that filesystems are a problem, but not just old ones - they're
all vulnerable to malicious storage devices. Ideally I want removable
storage to be mounted using FUSE by default, not kernel filesystems.
Also util-linux ought not to probe any of those obscure filesystems by
default. Both of these require userland, not kernel, changes.
Network protocols are a big problem, but again this isn't limited to
old ones. I want to disable auto-loading for them by default, so you
have to opt in to get anything but AF_{INET,INET6,NETLINK,PACKET,UNIX}.
In general, the modules I'm concerned about are those that can be
loaded on-demand for unprivileged users. The ModAutoRestrict LSM might
provide a way to deal with those: https://lwn.net/Articles/719385/
The old drivers, however, just aren't going to get loaded so I don't
think they're a problem.
> * This would add complication to an already complicated package.
> Would the benefit be worth it?
No, it's bad enough having to categorise things for udebs.
> * This might be confusing for the very, very, small percentage of
> users where things didn't "just work" with d-i doing the right thing.
It would be a very large percentage because, you know, hotplug is a
thing.
> Would the benefit be worth it?
No.
Ben.
--
Ben Hutchings
The world is coming to an end. Please log off.
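
The opt-in idea for network protocol families in the message above, sketched as an added example that is not part of the original email or of any Debian package: it reads text in modules.alias format and produces modprobe.d "install" lines for every module whose only net-pf-N aliases fall outside AF_{INET,INET6,NETLINK,PACKET,UNIX}. The function names and the sample aliases are assumptions constructed for illustration.

```python
import re

# Linux address-family numbers for the families named in the message:
# AF_UNIX=1, AF_INET=2, AF_INET6=10, AF_NETLINK=16, AF_PACKET=17.
ALLOWED_FAMILIES = {1, 2, 10, 16, 17}

# Bare family aliases only ("net-pf-<N>"); per-protocol aliases such as
# "net-pf-16-proto-12" are deliberately not matched here.
ALIAS_RE = re.compile(r"^alias\s+net-pf-(\d+)\s+(\S+)$")

# Constructed sample in modules.alias format (not taken from a real system).
SAMPLE = """\
# Aliases extracted from modules themselves.
alias net-pf-1 unix
alias net-pf-10 ipv6
alias net-pf-17 af_packet
alias net-pf-9 x25
alias net-pf-21 rds
alias net-pf-30 tipc
alias net-pf-16-proto-12 nfnetlink
alias fs-vfat vfat
"""

def family_modules(modules_alias_text):
    """Map module name -> set of address-family numbers it is aliased to."""
    found = {}
    for line in modules_alias_text.splitlines():
        m = ALIAS_RE.match(line.strip())
        if m:
            found.setdefault(m.group(2), set()).add(int(m.group(1)))
    return found

def modprobe_rules(modules_alias_text, allowed=ALLOWED_FAMILIES):
    """Return modprobe.d lines for modules that serve no allowed family."""
    rules = []
    for module, families in sorted(family_modules(modules_alias_text).items()):
        if families & allowed:
            continue  # serves an allowed family (e.g. ipv6): leave it alone
        rules.append(f"install {module} /bin/false")
    return rules

if __name__ == "__main__":
    print("\n".join(modprobe_rules(SAMPLE)))
```

On a real system the input would be /lib/modules/$(uname -r)/modules.alias, and opting back in to a family means deleting its line from the generated file.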