Skip to main content
Topic: All your home dir are belong to us (Read 2088 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Re: All your home dir are belong to us

Reply #30
But a buggy package could install a buggy tmpfiles .conf file which will destroy your filesystem when the package is removed.
Or it could be done maliciously with an AUR package

This is my biggest worry or to be more precise next tmpfiles upstream update that considers that /home should not be there and moves/encrypts/reformats it in the way that works with systemd but kills all non-systemd home folders. I mean why not, wouldn't be scariest thing that systemd did so far.

Re: All your home dir are belong to us

Reply #31
Not the dev you asked for but on openrc it's called every boot by /etc/init.d/etmpfiles-setup

I am trying to imagine use-case where this is needed on every boot? If we would execute it on the first install and never again that would be controlled risk, running it on every boot is much bigger threat.

Does anybody knows, when pacman uninstalls package does it try to call etmpfiles --clean for that package? (I'll check pacman source in the few next days if we are not sure)

Re: All your home dir are belong to us

Reply #32
Quote
This is my biggest worry
Yeah I'm with you. There is no way that systemd-tmpfiles has any business deleting files and dirs that the tmpfiles.d .conf files don't directly reference.
And they should be creating a database of the files/dirs they did create. Because if you didn't create it don't even consider deleting it and everything under it.

As a less drastic solution than I described above you could also just remove the more dangerous (imho) files eg home.conf var.conf from /usr/lib/tmpfiles.d and add the filenames to /etc/pacman.conf
Code: [Select]
NoExtract = usr/lib/tmpfiles.d/home.conf usr/lib/tmpfiles.d/var.conf 
I think that's right ? Check the manpage

Re: All your home dir are belong to us

Reply #33
Does anybody knows, when pacman uninstalls package does it try to call etmpfiles --clean for that package? (I'll check pacman source in the few next days if we are not sure)
/usr/share/libalpm/hooks/30-etmpfiles.hook
Code: [Select]
[Trigger]
Type = Path
Operation = Install
Operation = Upgrade
Target = usr/lib/tmpfiles.d/*.conf

[Action]
Description = Creating temporary files...
When = PostTransaction
Exec = /usr/bin/etmpfiles --create

So I don't think --clean gets called on installation or upgrade or removal ?
But I've removed the packages now, could be there was another hook ?

Re: All your home dir are belong to us

Reply #34
As a less drastic solution than I described above you could also just remove the more dangerous (imho) files eg home.conf var.conf from /usr/lib/tmpfiles.d and add the filenames to /etc/pacman.conf

Great minds and all that... I am just looking into ways to sanitize tmpfiles reach, first thing was to move home.conf out of reach.

Maybe we can end with some solution like this (I'll need to do some more reading just to make sure nothing is missed) so etmpfiles can be patched on a package level. I'll clone udev PKGBUILD in a day or two to do some testing.

Re: All your home dir are belong to us

Reply #35
I am just looking into ways to sanitize tmpfiles reach, first thing was to move home.conf out of reach.
Another option is to create empty files in /etc/tmpfiles.d/ matching the names of the files in /usr/lib/tmpfiles.d you want to block / override.
I'm going to stick with my nuclear approach for now though.

Re: All your home dir are belong to us

Reply #36

"refuse systemd-tmpfiles --purge invocation..."  :'(

This is a bit ridiculous since SysVinit knows how to handle this for a long time!
Code: [Select]
$ cat /etc/default/rcS
##################################################################
# NOTE: This file is ignored when systemd is used as init system #
##################################################################
#
# /etc/default/rcS
#
# Default settings for the scripts in /etc/rcS.d/
#
# For information about these variables see the rcS(5) manual page.
#
# This file belongs to the "initscripts" package.

# delete files in /tmp during boot older than x days.
# '0' means always, -1 or 'infinite' disables the feature
#TMPTIME=0