Re: All your home dir are belong to us Reply #30 – 22 June 2024, 21:21:18 Quote from: gripped – on 22 June 2024, 16:42:30But a buggy package could install a buggy tmpfiles .conf file which will destroy your filesystem when the package is removed.Or it could be done maliciously with an AUR packageThis is my biggest worry or to be more precise next tmpfiles upstream update that considers that /home should not be there and moves/encrypts/reformats it in the way that works with systemd but kills all non-systemd home folders. I mean why not, wouldn't be scariest thing that systemd did so far.
Re: All your home dir are belong to us Reply #31 – 22 June 2024, 21:27:06 Quote from: gripped – on 22 June 2024, 17:29:31Not the dev you asked for but on openrc it's called every boot by /etc/init.d/etmpfiles-setupI am trying to imagine use-case where this is needed on every boot? If we would execute it on the first install and never again that would be controlled risk, running it on every boot is much bigger threat.Does anybody knows, when pacman uninstalls package does it try to call etmpfiles --clean for that package? (I'll check pacman source in the few next days if we are not sure)
Re: All your home dir are belong to us Reply #32 – 22 June 2024, 21:35:39 QuoteThis is my biggest worryYeah I'm with you. There is no way that systemd-tmpfiles has any business deleting files and dirs that the tmpfiles.d .conf files don't directly reference.And they should be creating a database of the files/dirs they did create. Because if you didn't create it don't even consider deleting it and everything under it.As a less drastic solution than I described above you could also just remove the more dangerous (imho) files eg home.conf var.conf from /usr/lib/tmpfiles.d and add the filenames to /etc/pacman.confCode: [Select]NoExtract = usr/lib/tmpfiles.d/home.conf usr/lib/tmpfiles.d/var.conf I think that's right ? Check the manpage 1 Likes
Re: All your home dir are belong to us Reply #33 – 22 June 2024, 21:42:28 Quote from: dpx – on 22 June 2024, 21:27:06Does anybody knows, when pacman uninstalls package does it try to call etmpfiles --clean for that package? (I'll check pacman source in the few next days if we are not sure)/usr/share/libalpm/hooks/30-etmpfiles.hookCode: [Select][Trigger]Type = PathOperation = InstallOperation = UpgradeTarget = usr/lib/tmpfiles.d/*.conf[Action]Description = Creating temporary files...When = PostTransactionExec = /usr/bin/etmpfiles --createSo I don't think --clean gets called on installation or upgrade or removal ?But I've removed the packages now, could be there was another hook ?
Re: All your home dir are belong to us Reply #34 – 22 June 2024, 21:50:05 Quote from: gripped – on 22 June 2024, 21:35:39As a less drastic solution than I described above you could also just remove the more dangerous (imho) files eg home.conf var.conf from /usr/lib/tmpfiles.d and add the filenames to /etc/pacman.confGreat minds and all that... I am just looking into ways to sanitize tmpfiles reach, first thing was to move home.conf out of reach.Maybe we can end with some solution like this (I'll need to do some more reading just to make sure nothing is missed) so etmpfiles can be patched on a package level. I'll clone udev PKGBUILD in a day or two to do some testing.
Re: All your home dir are belong to us Reply #35 – 23 June 2024, 19:03:02 Quote from: dpx – on 22 June 2024, 21:50:05I am just looking into ways to sanitize tmpfiles reach, first thing was to move home.conf out of reach.Another option is to create empty files in /etc/tmpfiles.d/ matching the names of the files in /usr/lib/tmpfiles.d you want to block / override.I'm going to stick with my nuclear approach for now though. 1 Likes
Re: All your home dir are belong to us Reply #36 – 07 July 2024, 00:10:58 Quote from: gripped – on 19 June 2024, 19:32:52https://github.com/systemd/systemd/issues/33349"refuse systemd-tmpfiles --purge invocation..." This is a bit ridiculous since SysVinit knows how to handle this for a long time!Code: [Select]$ cat /etc/default/rcS################################################################### NOTE: This file is ignored when systemd is used as init system ##################################################################### /etc/default/rcS## Default settings for the scripts in /etc/rcS.d/## For information about these variables see the rcS(5) manual page.## This file belongs to the "initscripts" package.# delete files in /tmp during boot older than x days.# '0' means always, -1 or 'infinite' disables the feature#TMPTIME=0
Topic: All your home dir are belong to us (Read 1631 times)
previous topic - next topic
Topic: All your home dir are belong to us (Read 1631 times)
previous topic - next topic