Subject: Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
To: gentoo-user@lists.gentoo.org
From: Dale
Date: Sun, 6 Dec 2020 00:40:16 -0600

Michael Orlitzky wrote:
> On 12/4/20 12:02 PM, Dale wrote:
>>
>> So basically, that package would have to start over from scratch to be
>> fixed. That's not very likely if history means anything.
>>
>
> I think the opentmpfiles devs are planning to copy/paste the
> systemd-tmpfiles C code into opentmpfiles eventually. That will make
> it safe on Linux, obviously, since systemd-tmpfiles is... but will
> leave the hardlink problem unsolved on other kernels.
>
> There's no way to make opentmpfiles both cross-platform and safe. It's
> possible to do so with OpenRC more generally, but that's a larger
> undertaking that I suspect no one is interested in taking under:
>
>   1. Give up on tmpfiles entirely
>   2. Replace "checkpath" in OpenRC with something that drops privileges
>   3. Rewrite all of the init scripts that rely on tmpfiles
>   4. Rework any packages that use tmpfiles without an OpenRC service
>
>
>> Sounds like switching is the best path and really, about the only path.
>> Until something better comes along or the default is redone from
>> scratch, not switching leaves a door open for a bad guy.
>
> Exactly.
>
>
>> Do you know if the systemd devs manage this or is this package done
>> outside of them? Since some don't like systemd, myself being one of
>> them, I'd like to know what group maintains that package.
>
> Lennart "fuck Gentoo" Poettering is still in charge of
> systemd-tmpfiles, but there's nothing bad to be said about him in this
> regard. Compare his immediate and complete response to these issues,
>
>   * https://github.com/systemd/systemd/issues/7736
>   * https://github.com/systemd/systemd/issues/7986
>
> with the fact that the opentmpfiles bugs have sat there unaddressed
> for three years.
>
>

It sounds like both packages will end up being the same. Sort of. Switching it is.

I read through those links. I admit, a lot of it went over my head but I did get a somewhat better understanding of how it is insecure. It seems to me like it would be a difficult thing to accomplish but if one does, it could get bad.

Thanks much for all the info. It helped me and I hope it helped others as well.

Dale

:-)  :-)
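
The "hardlink problem" in the quoted reply concerns a privileged tool changing ownership by path name when an unprivileged user has been able to place a hard link or symlink under that name. The C sketch below is an added illustration, not code from opentmpfiles, OpenRC or systemd: it opens the path without following symlinks, inspects the opened inode, and refuses any non-directory that has more than one name. The names `open_for_chown`, `accepted` and `demo_accept_mask` and the temp-directory layout are hypothetical and constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not OpenRC or systemd code. Opens `path` for a later
 * fchown()/fchmod() and refuses symlinks and any non-directory with more
 * than one name: the extra hard link may belong to a file the privileged
 * caller never meant to give away. Returns an fd, or -1 on refusal. */
int open_for_chown(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* symlink (ELOOP) or missing path */
    if (fstat(fd, &st) != 0 || (!S_ISDIR(st.st_mode) && st.st_nlink > 1)) {
        close(fd);                 /* judged on the opened inode, not the name */
        return -1;
    }
    return fd;                     /* then fchown(fd, ...), never chown(path) */
}

static int accepted(const char *path)
{ int fd = open_for_chown(path); if (fd >= 0) close(fd); return fd >= 0; }

/* Constructed scenario in a fresh temp dir. A set bit means "accepted":
 * bit 0 single-name file, bit 1 file that has a second hard link,
 * bit 2 that hard link, bit 3 a symlink, bit 4 the directory itself. */
int demo_accept_mask(void)
{
    char dir[] = "/tmp/hlcheckXXXXXX", p[4][64];
    const char *names[4] = { "solo", "victim", "alias", "sym" };
    int mask = 0, i;
    if (!mkdtemp(dir)) return -1;
    for (i = 0; i < 4; i++) snprintf(p[i], sizeof p[i], "%s/%s", dir, names[i]);
    close(open(p[0], O_CREAT | O_WRONLY, 0600));
    close(open(p[1], O_CREAT | O_WRONLY, 0600));
    if (link(p[1], p[2]) != 0 || symlink(p[0], p[3]) != 0) return -1;
    for (i = 0; i < 4; i++) mask |= accepted(p[i]) << i;
    mask |= accepted(dir) << 4;
    for (i = 0; i < 4; i++) unlink(p[i]);
    rmdir(dir);
    return mask;
}

int main(void) { printf("accept mask: 0x%02x\n", demo_accept_mask()); return 0; }
```

The check also refuses files that are hard-linked for legitimate reasons, so a caller has to report that as an error rather than work around it.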