Re: Automatic downloading of non-free software by stuff in main

To: debian-project@lists.debian.org
Subject: Re: Automatic downloading of non-free software by stuff in main
From: Adam Borowski <kilobyte@angband.pl>
Date: Thu, 7 Dec 2017 03:27:42 +0100
Message-id: <[🔎] 20171207022742.imz5bjiozuxw4q65@angband.pl>
In-reply-to: <[🔎] 1512610421.2768.87.camel@decadent.org.uk>
References: <23072.3346.580272.421185@chiark.greenend.org.uk> <[🔎] 1512506916.2624.14.camel@ghic.org> <[🔎] 20171206040920.GO1822@belkar.wrar.name> <[🔎] 1512542789.2768.65.camel@decadent.org.uk> <[🔎] 20171206233317.a7cmrtqjeuz2kbhr@khazad-dum.debian.net> <[🔎] 1512605362.2768.74.camel@decadent.org.uk> <[🔎] 96736d18-dae3-11e7-9b6a-00163eeb5320@msgid.mathom.us> <[🔎] 1512610421.2768.87.camel@decadent.org.uk>

On Thu, Dec 07, 2017 at 01:33:41AM +0000, Ben Hutchings wrote:
> On Wed, 2017-12-06 at 19:14 -0500, Michael Stone wrote:
> > On Thu, Dec 07, 2017 at 12:09:22AM +0000, Ben Hutchings wrote:
> > > That's only because it lives in mm/shmem.c, not under fs/.  It does
> > > support xattrs.
> > 
> > Have you tried it?
> 
> Ah, damnit.  It supports *some* xattrs (like the security namespace),
> but apparently not *user* xattrs.

Good.  While xattrs have some uses, this is a hidden privacy hole most users
aren't aware of (although /tmp/ is the filesystem least likely to be used
forensically against you).

Looks like the only filesystems that allow disabling it via a mount option
(nouser_xattr) are ext* and reiserfs, some more can do it via recompiling
the kernel although this kills all xattrs, not just the user: namespace;
most of these config options say "If unsure, say N." (other than CIFS, which
is also the filesystem where your files are most likely to be readable by
others) -- but they're all enabled in Debian kernels.

[~]$ task add "patch btrfs for mount -o nouser_xattr"

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 14:13 < icenowy[m]> are they hot enough? ;-)
⣾⠁⢰⠒⠀⣿⡁ 14:17 < icenowy[m]> I think now in Europe it should be winter? Let
⢿⡄⠘⠷⠚⠋⠀                     the BPi warm you ;-)
⠈⠳⣄⠀⠀⠀⠀ 14:17 <@KotCzarny> yeah, i have a pc to warm me ;)

Reply to:

Follow-Ups:
- Re: Automatic downloading of non-free software by stuff in main
  - From: Mike Hommey <mh@glandium.org>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Holger Levsen <holger@layer-acht.org>

References:
- Re: Automatic downloading of non-free software by stuff in main
  - From: Diane Trout <diane@ghic.org>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Andrey Rahmatullin <wrar@debian.org>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Michael Stone <mstone@debian.org>
- Re: Automatic downloading of non-free software by stuff in main
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Automatic downloading of non-free software by stuff in main
Next by Date: Re: Automatic downloading of non-free software by stuff in main
Previous by thread: Re: Automatic downloading of non-free software by stuff in main
Next by thread: Re: Automatic downloading of non-free software by stuff in main
Index(es):
- Date
- Thread