From: Paul Colquhoun <paulcol@andor.dropbear.id.au>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] udev + /usr
Date: Tue, 13 Sep 2011 17:28:12 +1000
Message-ID: <2387970.DMxu7Vsxid@tux>
In-Reply-To: <3088897.eN9Xrd73K9@pc>
On Mon, 12 Sep 2011 05:59:29 PM Michael Schreckenbauer wrote:
> Hi Canek,
>
> On Monday, 12. September 2011 11:35:13 Canek Peláez Valdés wrote:
> > (This would be my only post in this new thread: I think I have made my
> > point of view clear in the other thread).
> >
> > I have seen a lot of disinformation going on in the other threads
> > (like some people suggesting that /var would not be able to be on its
> > own partition at some point in the future). Just before everyone starts
> > to wildly conjecture, please take a look at this:
> >
> > http://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
>
> well, the culprit here is:
> "The binaries called from these rules are sometimes located on /usr/bin, or
> link against libraries in /usr/lib, or use data files from /usr/share. If
> these rules fail udev will proceed with the next one, however later on
> applications will then not properly detect these udev devices or features
> of these devices."
My major worry is that udev is happily running arbitrary scripts from
arbitrary locations early in the boot process, and is actively trying to make
this easier.

How much more Microsoft-security-ish do we want Linux to get?

From a paranoid-security point of view, I think the proper solution is to just
*insist* that all scripts/executables run from udev be located in /{s}bin *
/lib (or even in /udev_libexec) and run all scripts from a restricted shell
to stop them just redirecting to someplace less secure.

Does udev even check to see if the scripts/executables are owned by root (a
plus) or world writable (a big minus)?

I hope it doesn't take a Linux virus/worm using udev as a vector to prompt a
review.
> Why doesn't udev queue failing scripts for later execution? It just assumes
> everything is in place in the moment it needs it. This is bad design for a
> tool, coming in so early in the boot process.
>
> > Also, a look at this thread is maybe justified:
> > http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/1728/
>
> Same thing here. This all basically reads "We did some really bad design
> choices, now let's fix the surroundings."
> The following sentence really made me laugh:
>
> "> If so, what does LSB say to this new directory?
>
> Nothing really, they just document current common practice. We might
> request an update to LSB after it is used for a while and has shown
> that it is what we want."
>
> He does not know if the thing he designed is the thing he wants.
> That's ridiculous!
>
> > Change happens.
>
> We already know this.
>
> > Regards everyone.
>
> Best,
> Michael
--
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol
Before you criticize someone, you should walk a mile in their shoes.
Then, when you do, you'll be a mile away, and you'll have their shoes.
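The two questions raised in this message, whether the programs a rules file runs are owned by root and not world-writable, and whether they live on the root filesystem at all rather than on a /usr that may not be mounted yet, can be answered by auditing the rules files. The script below is an added example written for this page; it is not code from udev, Gentoo or the list author. It assumes the rule syntax documented in udev(7) (RUN, PROGRAM and IMPORT{program} name external programs, while the {builtin} variants run udev internals), a conventional set of directories for resolving relative program names (DEFAULT_SEARCH_DIRS, an assumption), and the rules it ships with are constructed for illustration.

```python
"""Audit udev rules for the two things this thread worries about:
executables that live under /usr (unavailable if /usr is a separate, not yet
mounted filesystem when udev starts) and executables with weak ownership or
permissions.  Added example, not code from udev or from the list author.
Assumptions: rule syntax as in udev(7); relative program names are looked up
in a few conventional directories (DEFAULT_SEARCH_DIRS)."""
import os
import re
import stat

# Directories in which udev (historically /lib/udev) finds relative program
# names; an assumption for this example, adjust to your installation.
DEFAULT_SEARCH_DIRS = ("/lib/udev", "/sbin", "/bin")

# Keys whose quoted value is an external program: RUN, PROGRAM and
# IMPORT{program}.  RUN{builtin} and IMPORT{builtin} run udev internals and
# IMPORT{file}/{db}/{cmdline}/{parent} read data, so they are skipped.
_EXEC_RE = re.compile(
    r'(?<![\w{])(RUN|PROGRAM|IMPORT)(\{[^}]*\})?\s*(?:==|\+=|:=|=)\s*'
    r'"((?:[^"\\]|\\.)*)"')


def extract_commands(rules_text):
    """Return (lineno, key, command) for every external program a rules file runs."""
    found = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        for m in _EXEC_RE.finditer(line):
            key, qual, value = m.group(1), m.group(2) or "", m.group(3)
            if key == "IMPORT" and qual != "{program}":
                continue
            if key == "RUN" and qual == "{builtin}":
                continue
            words = value.split()
            if words:
                found.append((lineno, key + qual, words[0]))
    return found


def resolve_command(command, search_dirs=DEFAULT_SEARCH_DIRS):
    """Absolute commands are returned as given; relative ones are searched for."""
    if command.startswith("/"):
        return command
    for d in search_dirs:
        candidate = os.path.join(d, command)
        if os.path.exists(candidate):
            return candidate
    return None


def location_findings(path, late_prefixes=("/usr/", "/opt/"), resolve_symlinks=True):
    """Flag programs whose real location is on a filesystem that may not be mounted yet.
    Symlinks are followed by default so that /bin/foo -> /usr/bin/foo is caught."""
    real = os.path.realpath(path) if resolve_symlinks else os.path.normpath(path)
    for prefix in late_prefixes:
        if real.startswith(prefix):
            return ["lives on %s (%s): may be unavailable when udev runs early in boot"
                    % (prefix.rstrip("/"), real)]
    return []


def permission_findings(path):
    """Ownership and write-permission checks on the program and its directory."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    findings = []
    if st.st_uid != 0:
        findings.append("not owned by root (uid %d)" % st.st_uid)
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    elif st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    # A world-writable parent without the sticky bit lets anyone replace the file.
    parent = os.path.dirname(path) or "/"
    pst = os.stat(parent)
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        findings.append("parent directory world-writable without sticky bit")
    return findings


def audit_rules(rules_text, search_dirs=DEFAULT_SEARCH_DIRS):
    """Return (lineno, key, command, resolved_path, findings) per executed program."""
    report = []
    for lineno, key, command in extract_commands(rules_text):
        path = resolve_command(command, search_dirs)
        if path is None:
            findings = ["relative name not found in %s" % ", ".join(search_dirs)]
        else:
            findings = location_findings(path) + permission_findings(path)
        report.append((lineno, key, command, path, findings))
    return report


# Constructed sample rules (not from any real package), one case per line.
SAMPLE_RULES = """\
# constructed sample rules, modelled on the udev(7) syntax
KERNEL=="sd*", SUBSYSTEM=="block", IMPORT{builtin}="blkid", IMPORT{program}="/usr/bin/constructed-helper %k"
ACTION=="add", SUBSYSTEM=="net", RUN+="net.sh $env{INTERFACE}"
ENV{MODALIAS}=="?*", RUN{builtin}+="kmod load $env{MODALIAS}"
ACTION=="add", PROGRAM="/sbin/blkid -o udev $tempnode", RESULT=="*", RUN+="/usr/local/bin/constructed-hook --device=%k"
"""

if __name__ == "__main__":
    import sys
    # With file arguments audit those rules files; otherwise audit the sample.
    sources = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_RULES)]
    for name, text in sources:
        for lineno, key, command, path, findings in audit_rules(text):
            if findings:
                print("%s:%d %s %s -> %s: %s" % (name, lineno, key, command, path, "; ".join(findings)))
```

Run it as `python audit_udev_rules.py /etc/udev/rules.d/*.rules /lib/udev/rules.d/*.rules` (paths are an assumption; use your distribution's rules directories) and it prints one line per program that is missing, resolves into /usr or /opt, is not root-owned, or is group- or world-writable. Symlinks are followed on purpose: a /bin/foo that points into /usr/bin is exactly the case where a program appears to be on the root filesystem but is not.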