On Mon, Sep 22, 2014 at 11:27 PM, Chris Bannister <[email protected]> wrote: > On Mon, Sep 22, 2014 at 10:35:59AM +0900, Joel Rees wrote: >> 2014/09/22 5:21 "Ansgar Burchardt" <[email protected]>: >> > >> > Hi Joel, >> > >> > Joel Rees <[email protected]> writes: >> > > (6) systemd and cgroups (at minimum) end up overriding the permissions >> > > system. It's bad enough having SELinux and ACLs brought in to knock >> > > holes in the permissions system, but when arbitrary non-kernel system >> > > functions start getting their hands into the equation, there is no way >> > > to be sure that when you set any particular file under /etc or under >> > > ~/ -- including /etc/ssh and ~/.shh -- as mode 740, that the effective >> > > permissions don't end up 666 or 1147. In this case, even pid 1 is a >> > > group of arbitrary non-kernel functions. >> > > >> > > Permissions and race conditions are not the only ways that the >> > > modularity of these technologies is broken. I'm not going to try to >> > > enumerate them here. >> > >> > I'm interested how use of systemd and cgroups will make a file in >> > /etc/ssh or ~/.ssh change effective permissions. Could you explain that >> > in simple, reproducible steps? >> >> When I can, I'll file a bug report. If ever. >> >> I know the theory, so I don't use those, so it's not a high priority for me. >> >> If you are interested, read the manuals,do the math, it falls out, even >> though the manuals are written with a certain bias. > > So why post what you did above? Could you please stop spreading FUD!
My response to this, for the benefit of the mail archives: https://lists.debian.org/debian-user/2014/09/msg01629.html -- Joel Rees Computer storage is just fancy paper, the CPUs are just fancy pens. All is a stream of text, flowing forever from the past into the future. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/caar43iohlxykfb2qfkbavj7k1ogn09zfeh4oxue5cttlwxn...@mail.gmail.com
