Bug #342455 is still assigned to this committee; there seems to be a
consensus on the correct course of action, but there has as yet not been a
vote, nor a fix in the devmapper package.

The following draft resolution attempts to capture the consensus as I
understand it, so I'm throwing it out for consideration.  Amendments are
welcome, whether improvements on the wording or substantive changes.  In
particular, I'm not sure whether you all will think point 14. is appropriate
in the event that the resolution doesn't pass with a 3:1 majority.  Also,
Raul suggested in
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342455;msg=15> that policy
should also be amended to spell out the permissions for disk devices -- do
we need to include text here which addresses that directly?

I'd like to get started with this vote fairly soon, since AIUI Roger is
hoping that a fix for this issue can be included in the next stable point
release; so I hope you'll all forgive my delinquence in getting this draft
written up, and submit any amendments ASAP so that I can call for a vote on
it in the next couple of days.

(BTW, have people read Bastian's patches in
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342455;msg=129>?  While
they are a very encouraging development, if you look them over you'll see
that Bastian has still implemented root:root 0600 as the default permissions
for lvm2 -- so there is still an unresolved technical dispute here, not just
an issue of time management...)


WHEREAS

 1. It is a limitation of the current device-mapper implementation in Debian
    that all device nodes managed by libdevmapper are created with the same
    hard-coded ownership and permissions; and

 2. The standard owning group for disk device nodes is group "disk"; and

 3. The sole reason for the existence of this group on Debian systems is
    to control access to disk devices; and

 4. The majority of device-mapper nodes expose data that is already
    available to members of the disk group via the component disks; and

 5. The use of a different owning group in these cases therefore makes
    accessing the data more inconvenient but not more secure; and

 6. The exception to the above is dm-crypt, whereby device-mapper nodes
    expose data that is not available in unencrypted form from the
    component disks; and

 7. No single owning group satisfies all possible use cases for
    device-mapper; but

 8. Users of dm-crypt have the option of not adding users to the disk
    group that they do not wish to have access to their unencrypted 
    dm-crypt volumes;

THE TECHNICAL COMMITTEE:

 9. THANKS Bastian Blank for his continued maintenance of the devmapper
    package in Debian; and

10. ALSO THANKS Roger Leigh for bringing this issue before the
    committee; and

11. ENCOURAGES the devmapper maintainer to work towards support for
    configurable device-mapper device permissions in Debian; and

12. DETERMINES that the correct default permissions for all device-mapper
    nodes are root:disk 0660, with or without support for configurable device
    permissions; and

13. ASKS (with a 3:1 majority: REQUIRES) the devmapper maintainer to
    implement these permissions in unstable by applying Roger Leigh's
    patch from
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329409;msg=87;att=0;
    and

14. AUTHORIZES Roger to implement these same permissions in stable via a
    non-maintainer upload.


Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
