On 05/13/16 23:34, Theo de Raadt wrote:
>> The report is fairly easy to reproduce. Make the /usr filesystem
>> read-only in /etc/fstab, go to single user mode and exit back to
>> multi-user. I've appended a transcript.
>
> This does not matter. It is your configuration. It is not the default.
>
> Can you make /usr readonly on 90% of other operating systems, without
> downsides? Then switch. The reality is that you can't, since it is
> your own brave configuration choice. You own it.
>
>> It's unfortunate that mounting /usr read-only is now a mis-configuration.
>
> It was never a valid configuration. Next up, you will ask for readonly
> /etc. Or readonly /var. Or readonly something. Or operation without
> half the files that are in /etc. Who knows.
>
> It is your change --> you own it.

I have nothing but praise for the related security improvement as well as countless others that influenced my choice of OpenBSD since 2.6. I have upgraded 100s of times with /usr{,/X11R*,/local} as ro in /etc/fstab.

I made the 'bugs' report including a diff [1] two weeks ago when I noticed the conflict after a -current upgrade. After no response, I asked again and unintentionally triggered angry responses, although 2 good suggestions emerged.

Edgar Pettijohn [2] suggested adding the mount -ur ... commands to /etc/rc.local which works but may warrant a note when [3] is created. Craig Skinner [4] greatly improved my diff. I've been managing the read-only /usr partitions since the change w/ a custom autoinstall.

[1] <http://marc.info/?l=openbsd-tech&m=146159002802803&w=2>
[2] <http://marc.info/?l=openbsd-tech&m=146318276829717&w=2>
[3] <http://www.openbsd.org/faq/upgrade60.html>
[4] <http://marc.info/?l=openbsd-tech&m=146321493502273&w=2>