RD Thrush [openbsd-t...@thrush.com] wrote: > On 05/13/16 11:07, Theo de Raadt wrote: > >> Since the anti-ROP mechanism in libc [2] was added in late April, -current > >> with read-only /usr produces something like the following message: > >> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file > >> system > > > > Look, your statement is false. I can install a snapshot right now, > > and I won't see what you report. > > The report is fairly easy to reproduce. Make the /usr filesystem read-only > in /etc/fstab, go to single user mode and exit back to multi-user. I've > appended a transcript. > > > That is the result of a mis-configuration on your part. > > It's unfortunate that mounting /usr read-only is now a mis-configuration. >
Robert, what do you suggest? 1. Say sorry, no mitigation because we want to support all possible configurations 2. Say OK, and provide a work-around in /etc/rc that might (or might not) work with your situation, and makes the overall situation more complicated for everyone 3. Say sorry, the mitigation technique will not be changed. You are on your own. I think it comes down to this. If you want read-only /etc, you'll have to modify /etc/rc, if you still want the mitigation.
