Sat, 14 May 2016 12:24:50 -0400 RD Thrush <openbsd-t...@thrush.com>
> On 05/13/16 23:34, Theo de Raadt wrote:
> >> The report is fairly easy to reproduce.  Make the /usr filesystem
> >> read-only in /etc/fstab, go to single user mode and exit back to
> >> multi-user.  I've appended a transcript.  
> > 
> > This does not matter.  It is your configuration.  It is not the default.
> > 
> > Can you make /usr readonly on 90% of other operating systems, without
> > downsides?  Then switch.  The reality is that you can't, since it is
> > your own brave configuration choice.  You own it.
> >   
> >> It's unfortunate that mounting /usr read-only is now a mis-configuration.  
> > 
> > It was never a valid configuration.  Next up, you will ask for readonly
> > /etc.  Or readonly /var.  Or readonly something.  Or operation without
> > half the files that are in /etc.  Who knows.
> > 
> > It is your change --> you own it.  
> 
> I have nothing but praise for the related security improvement as well as 
> countless others that influenced my choice of OpenBSD since 2.6. I have 
> upgraded 100s of times with /usr{,/X11R*,/local} as ro in /etc/fstab.  I made 
> the 'bugs' report including a diff [1] two weeks ago when I noticed the 
> conflict after a -current upgrade.

Look, you don't have to make it public that you make changes at your end.

You don't have to make requests that everyone gets a change because of
how you choose to use the system.  And you don't have to insist you're
doing what's appropriate for others, because you don't choose correctly.

Finally, the read-only file systems on a writable medium susceptible
to all sorts of failure modes is a silly, silly useless trick.  This
does not provide any real technical benefit but your own discomfort.

> After no response, I asked again and unintentionally triggered angry 
> responses, although 2 good suggestions emerged.

Yes, one was don't deviate from the default in this respect, and the
other was, obviously, you're on your own with that change, you own it.

> Edgar Pettijohn [2] suggested adding the mount -ur ... commands to 
> /etc/rc.local which works but may warrant a note when [3] is created.
> 
> Craig Skinner [4] greatly improved my diff. 
> 
> I've been managing the read-only /usr partitions since the change w/ a custom 
> autoinstall.
> 
> [1]<http://marc.info/?l=openbsd-tech&m=146159002802803&w=2>
> [2]<http://marc.info/?l=openbsd-tech&m=146318276829717&w=2>
> [3]<http://www.openbsd.org/faq/upgrade60.html>
> [4]<http://marc.info/?l=openbsd-tech&m=146321493502273&w=2>

Except just this time now, when your self-managing became a bug report,
which is not a bug, and you insisted on your way of having it reported.

Now admit it, you support yourself when you make incompatible changes.
