Greetings Mr. Andreas Henriksson, Andreas Henriksson <andr...@fatal.se> writes:
> I'll comment in more detail below, but in general I have to start out by > saying I think you've misunderstood this gravely. You should probably > try to clear your mind and start over on trying to understand this. Thanks. > [...] snip > On Thu, Nov 15, 2018 at 12:13:26PM +0800, Benda Xu wrote: >> Hi Andreas, >> >> Dmitry Bogatov <kact...@debian.org> writes: >> >> > [2016-05-07 11:12] Andreas Henriksson <andr...@fatal.se> >> >> [...] >> >> The initscripts package (src:sysvinit) needs equivalent changes to >> >> restore the old status quo (and thus ignoring potential kiosk mode usecase >> >> problems -- kiosk mode users should alter their init scripts and remove >> >> the --force flag to be secure). >> > >> > Sounds convincing to me. So I prepared commit wip/bug-823660. Dear >> > co-maintainers, any objections? >> >> >> @Andreas, what do you mean by "kiosk mode"? Could you please define it >> precisely? > > I think others will explain it better than I can, so I'll just refer > to first and second hit I get on google for kiosk mode: > > https://www.kioware.com/resources.aspx?resid=45 > > https://en.wikipedia.org/wiki/Kiosk_software I see. It is a common concept I am not aware of. Now I understand what you mean. Much appreciated. >> I don't think sysvinit should blindly follow behaviors of systemd. > > This has absolutely nothing to do with systemd. This is about sulogin > move from (debian patched version of) sysvinit sulogin to debian using > sulogin from util-linux. Okay, let's forget about systemd. That's generally a good idea to use util-linux version of sulogin to align the behavior with upstream. Debian-specific hacks should either accepted upstream or ultimately abandoned. >> Entering the system as root without password prompt is a severe security >> hole. > > A "severe security hole" that's been present in sysvinit sulogin for > decades (in debian atleast, IIRC upstream is not to blame for it). > It was "closed" by moving to util-linux sulogin, but that also left > those who have a locked root account (using sudo) being unable to login > via sulogin. I think it a common Debian practice to set root passwords. Disabling root login and put everything on `sudo` feels very Ubuntu. Therefore I think you are right saying "it was 'closed' by moving to util-linux sulogin". > This bug report is limited in scope to just restoring the old status quo > by adding a flag when sysvinit invokes sulogin to get behaviour similar > to the old sysvinit sulogin version. (You're welcome that I helped out > with shephearding the needed util-linux changes upstream for your > convenience.) Good job for bringing it upstream. Thank you. > Implementing flexibility in sysvinit to be able to accomodate for both > use-cases is left as an excersise to the reader. We already have that flexibility: if your system is absolutely physically safe, add --force to `sulogin` in the sysvinit configuration files. If not, leave it alone. I might be wrong and I am all ears to counter arguments. But the "Debian previous status quo", "Many users do not set root passwords" and "systemd has put sulogin --force everywhere" did not convince me. I am sorry. > I'm not interested in sysvinit feature development myself. I'm only > interested in trying to avoid it deteriorating too much. You are being very nice and considerative, Mr. Henriksson. We all have more to worry in daily lives. I will not waste your precious intellectual power anymore, and will keep the discussion within the interested party. > [... rest of message snipped as is seems to go further into > misunderstanding land ...] Thanks again for baring with my grave misunderstanding and good luck! Benda
