public inbox for gentoo-dev@lists.gentoo.org
From: William Hubbs <williamh@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Cc: mjo@gentoo.org
Subject: Re: [gentoo-dev] rfc: ideas for fixing OpenRC checkpath issue
Date: Wed, 10 Jan 2018 12:04:43 -0600
Message-ID: <20180110180443.GA1085@whubbs1.gaikai.biz>
In-Reply-To: <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org>


On Tue, Jan 09, 2018 at 08:19:24PM -0500, Michael Orlitzky wrote:

*snip*

> Ultimately, it's not safe to chown/chmod/setfacl/whatever in a directory
> that is not writable only by yourself and root.

Let me try to phrase this another way.

If the directory we are in is not owned by us or root and is group or
world writable, checkpath should not change the ownership or permissions
of the file passed to it.

> Here's a very tedious proposal for OpenRC:
> 
>   1. Create a new helper, called e.g. "newpath", that is like checkpath
>      but only creates things, and doesn't modify them.
> 
>   2. Have newpath throw a warning if it's used in a directory that is
>      writable by someone other than root and the OpenRC user. This will
>      prevent people from creating /foo/bar after /foo has already been
>      created with owner "foo:foo". In other words, service script
>      writers will be encouraged to do things in a safe order. Since
>      we're starting over, this might even be made an error.
> 
>   3. Deprecate checkpath
> 
>   4. Wait a million years for people to switch from checkpath to newpath
> 
>   5. Get rid of checkpath
> 
> I'm not even sure that this solves the problem completely, but it's the
> only idea I've got left.

I'm not really a fan of creating a new helper unless I have to; I would
rather modify checkpath's behaviour.

The first stage of that modification would be to release a version that
outputs error messages, then convert the error messages to hard failures
in a later release.

Is this reasonable? If we go this route, what should checkpath start
complaining about?

William
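
Added example, not part of the message above and not OpenRC code: the two wordings of the rule in this message written as predicates over a directory's owner and mode bits, so the cases where they disagree are visible. It assumes plain Unix permission bits only (no ACLs) and treats any group write as untrusted; the function names and the sample uids are made up for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Reply's wording: refuse when the directory is not owned by us or root
 * and is group- or world-writable. */
bool reply_rule_refuses(uid_t owner, mode_t mode, uid_t me)
{
    bool trusted_owner = (owner == 0 || owner == me);
    bool shared_write = (mode & (S_IWGRP | S_IWOTH)) != 0;
    return !trusted_owner && shared_write;
}

/* Quoted wording: refuse unless the directory is writable only by us and
 * root. Any other owner counts as a writer (it can chmod its own
 * directory), and group membership is unknown, so group write counts too. */
bool quoted_rule_refuses(uid_t owner, mode_t mode, uid_t me)
{
    bool trusted_owner = (owner == 0 || owner == me);
    bool shared_write = (mode & (S_IWGRP | S_IWOTH)) != 0;
    return !trusted_owner || shared_write;
}

/* Apply a rule to a real directory; returns -1 if it cannot be checked. */
int dir_refused(const char *dir, bool (*rule)(uid_t, mode_t, uid_t))
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return rule(st.st_uid, st.st_mode, geteuid()) ? 1 : 0;
}

int main(void)
{
    /* Constructed cases: uid 0 is root, 1000 stands in for "foo". */
    struct { const char *what; uid_t owner; mode_t mode; } c[] = {
        { "root:root 0755", 0,    0755 },
        { "foo:foo   0755", 1000, 0755 },
        { "foo:foo   0775", 1000, 0775 },
        { "root:root 1777", 0,    01777 },
    };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("%-16s reply=%d quoted=%d\n", c[i].what,
               reply_rule_refuses(c[i].owner, c[i].mode, 0),
               quoted_rule_refuses(c[i].owner, c[i].mode, 0));
    return 0;
}
```

The two predicates differ on the "foo:foo 0755" and "root:root 1777" rows, which are the cases a warning-first release would need to decide on.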


