From: Alexander Smirnov
Date: Wed, 2 Aug 2017 10:48:13 +0300
Subject: Re: [PATCH 01/16] meta: ext4-img: copy and keep attributes, always copy with sudo
To: Henning Schild
Cc: isar-users@googlegroups.com
In-Reply-To: <5e98880f61dba959ada0c9bc8feca65b0a5760e5.1501582237.git.henning.schild@siemens.com>

Hi,

2017-08-01 13:17 GMT+03:00 Henning Schild <henning.schild@siemens.com>:
> Some security-enhancing packages can cause our initrd to be not readable
> by a normal user. So we need to copy with sudo.
>

Please be more explicit about which packages; it would be nice to have examples here in the commit message.
In general Isar follows the way of reducing the usage of 'sudo' as much as possible, so every new entry should have good reasons.

> Also regular cp would destroy ownership and other attributes of files,
> possibly creating problems in the future.
>

Also an example is highly appreciated.

> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>  meta/classes/ext4-img.bbclass | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/meta/classes/ext4-img.bbclass b/meta/classes/ext4-img.bbclass
> index 65d4c11..6dc2039 100644
> --- a/meta/classes/ext4-img.bbclass
> +++ b/meta/classes/ext4-img.bbclass
> @@ -21,16 +21,16 @@ do_ext4_image() {
>
>      mkdir -p ${WORKDIR}/mnt
>      sudo mount -o loop ${EXT4_IMAGE_FILE} ${WORKDIR}/mnt
> -    sudo cp -r ${S}/* ${WORKDIR}/mnt
> +    sudo cp -a ${S}/* ${WORKDIR}/mnt
>      sudo umount ${WORKDIR}/mnt
>      rm -r ${WORKDIR}/mnt
>
>      if [ -n "${KERNEL_IMAGE}" ]; then
> -        cp ${S}/boot/${KERNEL_IMAGE} ${DEPLOY_DIR_IMAGE}
> +        sudo cp -a ${S}/boot/${KERNEL_IMAGE} ${DEPLOY_DIR_IMAGE}

1. Ideally DEPLOY_DIR_IMAGE should not contain files with root permissions; only the multistrap filesystems should require them. Any spread of sudo significantly increases the probability of damaging the host system. Also I don't see the reason to keep the kernel image under supervisor permissions.
2. If KERNEL_IMAGE is a symbolic link, 'cp -a' will copy the symlink only.

>      fi
>
>      if [ -n "${INITRD_IMAGE}" ]; then
> -        cp ${S}/boot/${INITRD_IMAGE} ${DEPLOY_DIR_IMAGE}
> +        sudo cp -a ${S}/boot/${INITRD_IMAGE} ${DEPLOY_DIR_IMAGE}
>      fi

I think that a closed initrd is more of a special case than the mainstream one. Can we consider the possibility of implementing this as an optional security feature?

>  }
>
> --
> 2.13.0
>
> --
> You received this message because you are subscribed to the Google Groups
> "isar-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to isar-users+unsubscribe@googlegroups.com.
> To post to this group, send email to isar-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/5e98880f61dba959ada0c9bc8feca65b0a5760e5.1501582237.git.henning.schild%40siemens.com.
> For more options, visit https://groups.google.com/d/optout.
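Review bot: in `+        sudo cp -a ${S}/boot/${KERNEL_IMAGE} ${DEPLOY_DIR_IMAGE}` and the matching INITRD_IMAGE line, `-a` carries the ownership and mode of the rootfs copy into DEPLOY_DIR_IMAGE, so an initrd that the commit message describes as unreadable by a normal user stays unreadable there too, and every later step that consumes the deploy directory inherits the sudo dependency. If sudo is needed only to read the source, hand the result back to the build user, e.g. `sudo install -m 0644 -o "$(id -u)" -g "$(id -g)" ${S}/boot/${INITRD_IMAGE} ${DEPLOY_DIR_IMAGE}/`, which also dereferences a symlinked image name, and keep `cp -a` only for the copy into the mounted image, where preserving attributes is the point.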
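An added example, not Isar's code nor anything from this thread, that reproduces the two review points without sudo: `cp -a` of a symlinked image name copies only the link (which then dangles in the deploy directory) and keeps the restrictive mode, whereas a dereferencing `install -m 0644` produces a regular, build-user-readable file. File and function names are constructed for the demo; the ownership hand-back (`-o`/`-g`) that a real build would add under sudo is only noted in a comment.

```shell
#!/bin/sh
# Constructed stand-in for ${S}/boot and ${DEPLOY_DIR_IMAGE}; no sudo involved.
set -eu

# Create a root-only-style initrd (mode 0600) and a symlink pointing at it,
# the way a distro "initrd.img" link names the versioned file.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/boot" "$dir/deploy"
    printf 'initrd payload\n' > "$dir/boot/initrd.img-4.9"
    chmod 0600 "$dir/boot/initrd.img-4.9"          # unreadable by other users
    ln -s initrd.img-4.9 "$dir/boot/initrd.img"    # what INITRD_IMAGE would name
    printf '%s\n' "$dir"
}

# What the patch does: -a implies --no-dereference and --preserve=all, so the
# deploy dir receives a symlink to a name that does not exist there.
deploy_with_cp_a() {
    cp -a "$1/boot/initrd.img" "$1/deploy/"
}

# Alternative: follow the link and give the artefact a readable mode. Under
# sudo a real build would add -o "$(id -u)" -g "$(id -g)" to hand it back.
deploy_dereferenced() {
    install -m 0644 "$1/boot/initrd.img" "$1/deploy/initrd.img"
}

# Checks used to compare the two outcomes.
deployed_is_symlink()    { [ -L "$1/deploy/initrd.img" ]; }
deployed_link_dangling() { [ -L "$1/deploy/initrd.img" ] && [ ! -e "$1/deploy/initrd.img" ]; }
deployed_readable()      { [ -n "$(find "$1/deploy/initrd.img" -perm 0644 -print)" ]; }

# Stand-alone run: show both behaviours side by side.
demo() {
    d=$(make_fixture)
    deploy_with_cp_a "$d"
    deployed_link_dangling "$d" && echo "cp -a: deployed a dangling symlink"
    rm -f "$d/deploy/initrd.img"
    deploy_dereferenced "$d"
    deployed_readable "$d" && echo "install -m 0644: regular file, mode 0644"
    rm -rf "$d"
}
```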