(Hi Debian security team, we would like to consult you on this topic.)

Hi Mattia,

>I think one reason I never really consider this change is because my
>security foo are not great enough to thoroughly understand
>all the possible implications such change could have.
>
>Therefore, I'd rather have somebody that I know be security-minded to
>tell me this is really fine before I go on with this.

indeed. I *think* it’s fine because all it allows is suid executables to use eatmydata as installed in the system (not user-manipulated), but that might be too much for some people (it does, after all, create more attack surface, but given that the invoker has to manually add the library to LD_PRELOAD, he would have been aware that it’s used).

>TTBOMK, the Policy doesn't cover the very weird situation of a setuid,
>but non executable, file. That's because they are usually meaningless,
>except for special cases like this where the GNU linker gives extra
>meaning to such otherwise meaningless bit.

Indeed, but I don’t see anything against it either.

>> • precedent, so I’ll eventually be able to package up my own preload
>> library (an X11 IME, in case someone wonders) and use it like that
>
>We are completely under the rain here, there is no precedent that I know
>of (but I'd welcome be wrong and somebody showing me one), nor Policy
>thought ahead of us…

True.

>So, I think a first step toward anything would be to involve some
>security person, be they from the security team, or somebody that is at
>least renewed to deal with such stuff. That's just because I don't
>trust myself :)
>I'll let you mail/whatever somebody you think is appropriate.

I’ve added the security team on Cc, perhaps they can share some insight and/or discuss that further.

>> • making the life of eatmydata users easier by enabling it by default
>
>To be clear, whatever comes out will be for bullseye+, it's too late for
>buster.

I am very aware ;-) but, in case this needs a lengthy discussion, it may be better to start the ball rolling early enough for bullseye ☻

bye,
//mirabilos
--
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.		-- Coywolf Qi Hunt
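
An added example, not part of this mail or of the eatmydata packaging: a shell function that inventories shared objects carrying the set-user-ID bit, which is what glibc's ld.so requires (together with a slash-free name found in a standard search directory) before it honours an LD_PRELOAD entry for a setuid program. The function name, the flag labels and the directories passed in are assumptions made for illustration.

```shell
#!/bin/sh
# audit_suid_libs DIR...
# Lists every shared object under the given directories that has the
# set-user-ID bit set, i.e. the libraries a setuid program could still be
# made to preload. Each line is "path<TAB>flags".
# Assumption: the caller passes the system's trusted library directories
# (for example /lib /usr/lib); none are hard-coded here.
audit_suid_libs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -name '*.so*' -perm -4000 2>/dev/null |
        while IFS= read -r lib; do
            flags=""
            # An owner other than root can replace code that setuid programs load.
            [ -n "$(find "$lib" -prune ! -user 0)" ] &&
                flags="$flags NOT-ROOT-OWNED"
            # Group or world write access has the same effect.
            [ -n "$(find "$lib" -prune \( -perm -020 -o -perm -002 \))" ] &&
                flags="$flags GROUP-OR-WORLD-WRITABLE"
            # With the execute bit set, the file is also an ordinary setuid executable.
            [ -n "$(find "$lib" -prune -perm -100)" ] &&
                flags="$flags EXECUTABLE"
            printf '%s\t%s\n' "$lib" "${flags:- setuid-only}"
        done
    done
}

# Run directly when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_suid_libs "$@"
fi
```

Running it before and after a package upgrade shows whether a new preloadable library has appeared in the trusted directories.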