public inbox for gentoo-dev@lists.gentoo.org
From: Ben Kohler <bkohler@gmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] newsitem: openrc-0.28 mounts efivars read only
Date: Thu, 13 Jul 2017 09:35:02 -0500
Message-ID: <CANSUr=K9S5r_82rPyQDUJu9FWqOP+Yc=f3zD=8=SzU3GGY=vtg@mail.gmail.com>
In-Reply-To: <CAJ0EP40kM8dL_Rn5AZJ1vqdU=VAhC6+OCY5o11DDd1edQPf32w@mail.gmail.com>


On Thu, Jul 13, 2017 at 9:29 AM, Mike Gilbert <floppym@gentoo.org> wrote:

>
> We are actually talking about protecting people who run something like
> rm -rf /sys/firmware/efi/efivars/ as root.
>
> If you are dumb enough to do something like that, you almost deserve
> to spend a couple hundred on a new motherboard.
>

While I can think of a few ways you can accidentally do this via
bindmounts and such, I think it's also worth mentioning that this
"bricking" only happens on a very very small number of systems with a
specific buggy UEFI implementation; the vast majority of UEFI hardware will
not be "bricked" by wiping efivars.

I'm still on board with protecting users from this out of the box, but it's
not like without this change, we'll have Gentoo boxes dropping dead all
over the place every week.  We're protecting from something that requires
both a very specific firmware bug AND serious user error to trigger.

-Ben


