Re: systemd/cgroups changing permissions (was: Re: Effectively criticizing decisions you disagree with in Debian)
On Mon, Sep 22, 2014 at 10:35:59AM +0900, Joel Rees wrote:
> 2014/09/22 5:21 "Ansgar Burchardt" <ansgar@43-1.org>:
> >
> > Hi Joel,
> >
> > Joel Rees <joel.rees@gmail.com> writes:
> > > (6) systemd and cgroups (at minimum) end up overriding the permissions
> > > system. It's bad enough having SELinux and ACLs brought in to knock
> > > holes in the permissions system, but when arbitrary non-kernel system
> > > functions start getting their hands into the equation, there is no way
> > > to be sure that when you set any particular file under /etc or under
> > > ~/ -- including /etc/ssh and ~/.shh -- as mode 740, that the effective
> > > permissions don't end up 666 or 1147. In this case, even pid 1 is a
> > > group of arbitrary non-kernel functions.
> > >
> > > Permissions and race conditions are not the only ways that the
> > > modularity of these technologies is broken. I'm not going to try to
> > > enumerate them here.
> >
> > I'm interested how use of systemd and cgroups will make a file in
> > /etc/ssh or ~/.ssh change effective permissions. Could you explain that
> > in simple, reproducible steps?
>
> When I can, I'll file a bug report. If ever.
>
> I know the theory, so I don't use those, so it's not a high priority for me.
>
> If you are interested, read the manuals,do the math, it falls out, even
> though the manuals are written with a certain bias.
So why post what you did above? Could you please stop spreading FUD!
--
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the
oppressing." --- Malcolm X
Reply to: