From: "M. J. Everitt"
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] newsitem: openrc-0.28 mounts efivars read only
Date: Thu, 13 Jul 2017 12:35:50 +0100
Message-ID: <32458e65-d66d-fcdc-5b0a-97d3c480d14a@iee.org>
References: <20170712154236.GA10286@whubbs1.gaikai.biz> <20170712214408.GA13328@whubbs1.gaikai.biz> <20170713093021.2b0bcf21b6ebb6921245fbe0@gentoo.org>
Openpgp: id=BA266E0525CFAB101523351B4C30334F93C22371

On 13/07/17 12:09, Rich Freeman wrote:
> Presumably you'd only want to remount it if it was mounted ro to
> start, since it sounds like openrc will be diverging from systemd
> behavior here.
>
> While it seems like a good idea I'm not sure how big an improvement it
> is in the larger scheme. We're worried about root accidentally
> modifying efivars, but we have no safeguards against root writing to
> /dev/sda, and the latter seems much more likely to cause harm, and is
> harder to fix.
>
In case you weren't aware, Rich, rewriting the efivars actually writes
to the system BIOS, which renders the computer completely unbootable ..
not quite the same as erasing the boot sector of your hard disk, where
you simply plug in another device, and off you go ...