From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 84FAA158089 for ; Sun, 17 Sep 2023 17:28:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 354A22BC136; Sun, 17 Sep 2023 17:28:51 +0000 (UTC) Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0E1662BC017 for ; Sun, 17 Sep 2023 17:28:50 +0000 (UTC) Received: by mail-ot1-x336.google.com with SMTP id 46e09a7af769-6c0822f46a1so2398973a34.0 for ; Sun, 17 Sep 2023 10:28:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1694971730; x=1695576530; darn=lists.gentoo.org; h=content-transfer-encoding:to:subject:message-id:date:from :references:in-reply-to:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=0tu+I50abqLr7i7NX8UmNJkRFCxWoTmrV3pVRnov3rw=; b=Fc17FI9fpFacYp8KBMrENkGapfU2+vdf/1Fn3vsKod5z1yJQykLP2P8ynz1Ej4xsRX 2up8I1ogfwLzho0Pg+HpFBoJKDOEKtuKcwlglQIvWVfj5BMOuCqeYDaaIJ3TB0vJQsxo FVAFMv17FJ/BpeU0jQCauwZzpb1yQkBopjyFo8OI0Ed1FrITYeYruKBHsaAuUS+QU2UF wJB3yuDe6Km1ZMUWMAnOUplA99AyeXnZF1zNbiweR56O32W5ta71XisrAMjzsQqkLvpM +gT27fidcQq7QxqC9FLY2mF89s8sc/RtTdwiZTAQ2GZtqEJobzLeWF5PvKodsFftS4vr HWGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694971730; x=1695576530; h=content-transfer-encoding:to:subject:message-id:date:from :references:in-reply-to:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0tu+I50abqLr7i7NX8UmNJkRFCxWoTmrV3pVRnov3rw=; b=hVcRYEPz++6wiOO96Z93h4Sb2Vo3ggGr+FnycPBp/iBVfkmqeL4GuhjlDonIZcv98j kCcb8lUlGo7LCXTXR8NlRd1M9mffeAYA2JJUV0S62I3939gaJJF8IWlQ/izvNSbXHdLJ Bp2rFAJM9IgyFlAA2WxpneXtxe5GUgfi5UjGMsOprIVkmTA+5HhKgGYe1iLpATL+zj5w YeXnnSLHXWBhfxNdb1vZ+Oo/ZIzbF/7dlLcFViQDb6ip++nx2t+yRJVyyd88Hjhuu2tz gRjW7YTvk8/pb42/exOEd7h3+d9h3549NbIZrMF6jVz4HxjSfXP0ecRSD0bWPmYNXM5T Rvag== X-Gm-Message-State: AOJu0YzSSzhCmvjNaSlBMhpSClrVJPq9ABsROtqsRdzgxzODHFGRbA5b t3qiHTb8okJldMHuXIfokrg8L9oV08s5KuElyUIuyxJ/ X-Google-Smtp-Source: AGHT+IH2FPBCIUCBJqZQ0Nioj/vl7XQFuSc9Sto/n0RkA093PEEb4aFtdlhtpLspPUH76VlSsZ+E43N4KDLkftWvUQo= X-Received: by 2002:a05:6358:899:b0:140:f08c:2b50 with SMTP id m25-20020a056358089900b00140f08c2b50mr6714895rwj.6.1694971730052; Sun, 17 Sep 2023 10:28:50 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Received: by 2002:a0c:de0e:0:b0:64c:95e3:9ef9 with HTTP; Sun, 17 Sep 2023 10:28:49 -0700 (PDT) In-Reply-To: <20230917060514.4314cb2b@Akita> References: <8459848.MhkbZ0Pkbq@pinacolada> <86bke1caqc.fsf@gentoo.org> <20230917060514.4314cb2b@Akita> From: Alexe Stefan Date: Sun, 17 Sep 2023 20:28:49 +0300 Message-ID: Subject: Re: [gentoo-dev] Re: [gentoo-dev-announce] last rites (kinda, long masked): sys-apps/opentmpfiles To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Archives-Salt: e709fe0b-ae9e-4aad-bb7f-40cc269cb35c X-Archives-Hash: facc71f7df68e5ec25d73c2baaab8d22 On 9/17/23, orbea wrote: > On Sun, 17 Sep 2023 12:58:00 +0200 > Arsen Arsenovi=C4=87 wrote: > >> Alexe Stefan writes: >> >> > One is written in shell, the other is written in c.(no problems >> > here) >> >> Not that implementation language matters. >> >> > One is not part of systemd, the other is. >> >> Both work fine without systemd, but the systemd implementation also >> happens not to be unmaintained and happens to be more complete. > > Here are some other implementations I have found, but I am not sure if > they are drop-in replacements or not. > > https://github.com/eweOS/pawprint > https://github.com/juur/tmpfilesd > >> >> > How are they identical. >> >> The last rites message does not say that opentmpfiles and >> systemd-tmpfiles are identical. That'd do a disservice to the >> actually complete, unmaintained, and (currently) non-CVE-affected >> implementation in systemd. >> >> > I use this on my raspi server, works fine. >> >> 'WOMM' is a fairly terrible measure. >> >> > Gentoo really became a systemd distro, further restricting choice by >> > the day. >> >> [ignoring this nonsensical statement, notice put here for clarity] >> >> >> Gentoo devs aren't obliged to maintain software you like to use. >> systemd-utils[tmpfiles] works on all Gentoo systems, including >> non-systemd ones. Until that changes (which is unlikely), I doubt >> there will be much interest in maintaining a fork from inside Gentoo. >> >> Please take up opentmpfiles maintenance. You have >> https://archives.gentoo.org/gentoo-dev/message/689954cc7fd55402dc4c82aa0= ac70efb >> to address, and probably some other issues. See >> https://github.com/OpenRC/opentmpfiles/issues/19 for context. >> >> The message above implies that a rewrite in C is necessary. >> >> This should be rather easy. The systemd implementation is only ~4k >> LoC (excluding shared code), so I imagine that a complete >> reimplementation should be far less than 10k. Since this is fairly >> elementary stuff, it should be possible to finish in a weekends time. >> >> Submit a PR to re-add opentmpfiles after you're done. >> >> Looking forward to reviewing your contributions upstream. Have a >> lovely day :-) > > > There are 2 open pr's on the opentmpfiles github. One removes the security vulnerability, but is non-compliant with the spec, the other is (at least is a start of) a rewrite in c. >As a result, opentmpfiles never should have tried to implement it, but >its authors didn't know about those problems either. And while >implementing tmpfiles in C has certain unavoidable race conditions, >hooooooooo boy is the shell version swiss cheese. There's no safe way >to run chown and chmod (the shell commands) as root in a directory you >don't control, and that's a big part of what opentmpfiles does. The >exploits for the shell version are kindergaren stuff. > Is it really so easy to exploit it? How would you do that?