On 05/13/16 19:40, Chris Cappuccio wrote:
> RD Thrush [openbsd-t...@thrush.com] wrote:
>> On 05/13/16 11:07, Theo de Raadt wrote:
>>>> Since the anti-ROP mechanism in libc [2] was added in late April, -current
>>>> with read-only /usr produces something like the following message:
>>>> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file
>>>> system
>>>
>>> Look, your statement is false. I can install a snapshot right now,
>>> and I won't see what you report.
>>
>> The report is fairly easy to reproduce. Make the /usr filesystem read-only
>> in /etc/fstab, go to single user mode and exit back to multi-user. I've
>> appended a transcript.
>>
>>> That is the result of a mis-configuration on your part.
>>
>> It's unfortunate that mounting /usr read-only is now a mis-configuration.
>>
>
> Robert, what do you suggest?
>
> 1. Say sorry, no mitigation because we want to support all possible
> configurations
>
> 2. Say OK, and provide a work-around in /etc/rc that might (or might not)
> work with your situation, and makes the overall situation more complicated
> for everyone
>
> 3. Say sorry, the mitigation technique will not be changed. You are on your
> own.
>
> I think it comes down to this. If you want read-only /etc, you'll have to
> modify /etc/rc, if you still want the mitigation.

Thanks, Chris. I provided a diff in my original bugs report. Craig Skinner enhanced it and I'll update my autoinstall accordingly. I didn't mention read-only /etc. Not sure where that came from.