Date: Wed, 10 Jan 2018 12:04:43 -0600
From: William Hubbs
To: gentoo-dev@lists.gentoo.org
Cc: mjo@gentoo.org
Subject: Re: [gentoo-dev] rfc: ideas for fixing OpenRC checkpath issue
Message-ID: <20180110180443.GA1085@whubbs1.gaikai.biz>
In-Reply-To: <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org>
References: <20180110000741.GA3995@whubbs1.gaikai.biz> <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org>

On Tue, Jan 09, 2018 at 08:19:24PM -0500, Michael Orlitzky wrote:

*snip*

> Ultimately, it's not safe to chown/chmod/setfacl/whatever in a directory
> that is not writable only by yourself and root.

Let me try to phrase this another way. If the directory we are in is not
owned by us or root and is group or world writable, checkpath should not
change the ownership or permissions of the file passed to it.

> Here's a very tedious proposal for OpenRC:
>
> 1. Create a new helper, called e.g. "newpath", that is like checkpath
>    but only creates things, and doesn't modify them.
>
> 2. Have newpath throw a warning if it's used in a directory that is
>    writable by someone other than root and the OpenRC user. This will
>    prevent people from creating /foo/bar after /foo has already been
>    created with owner "foo:foo". In other words, service script
>    writers will be encouraged to do things in a safe order. Since
>    we're starting over, this might even be made an error.
>
> 3. Deprecate checkpath
>
> 4. Wait a million years for people to switch from checkpath to newpath
>
> 5. Get rid of checkpath
>
> I'm not even sure that this solves the problem completely, but it's the
> only idea I've got left.

I'm not really a fan of creating a new helper unless I have to; I would
rather modify checkpath's behaviour. The first stage of that modification
would be to release a version that outputs error messages, then convert
the error messages to hard failures in a later release.

Is this reasonable? If we go this route, what should checkpath start
complaining about?

William