On Thu, 22 Oct 2015 18:39:30 +0000
Christian Kampka <christian_at_kampka.net> wrote:
> > > The proposed patch splits the busybox package into two subpackages,
> > > busybox-core and busybox-suid. The core package contains everything
> > > that is currently included in the busybox package except for the
> > > bbsuid binary. This will be shipped via the busybox-suid package. The
> > > busybox package will be turned into a metapackage that pulls in
> > > busybox-core and busybox-suid, so for most use cases nothing will
> > > change except for those installations that desire it explicitly.
> > I wonder if we can somehow solve this with a total of 2 packages:
> > busybox + busybox-suid
> > instead of a total of 3:
> > busybox-core + busybox-suid + busybox.
> I did not go for this option because it introduces a breaking change, but
> it is certainly desirable in the long run. Since 3.3 is now in freeze, it
> may be OK to possibly break dependencies here.
> > We could for example add busybox-suid as a dependency to alpine-base,
> > or assume that busybox-suid is needed if some other package like openrc
> > is installed and have install_if="busybox=$pkgver openrc". I wonder
> > what happens then, if you "apk add !busybox-suid" to opt out?
> Having busybox-suid as a dependency to alpine-base is crucial,
If we can let alpine-base depend on busybox-suid then I think we will
be fine and can probably just drop the busybox-core package.
> but I think
> we need to take care of packages that really require it, eg. mkinitfs
> without suid could lead to really interesting problems.
How? The suid binaries are only:
mkinitfs needs to run as root already, so it should not need to elevate any
privileges and thus should not need anything suid root.
I think the only things that may need suid are things like ping/ping6
(any scripts using ping?) and interactive use like su and passwd.
I don't think it is simple to find out which packages actually
need suid. Even the postgresql init.d script uses su, but I expect su to work
without suid in that case because it will reduce permissions from root
to user 'postgres'.
> Having a metapackage for the transition would soften the blow.
> I don't have the overview yet to really offer a qualified opinion
What I'd like to do is avoid the busybox-core vs busybox package. If we
introduce the busybox-core package and other packages start to depend on
it, then we will have problems getting rid of it in the future.
> > I suppose the most critical thing we want to avoid is someone ending up
> > locked out from a remote box due to 'su' not working after an upgrade.
> Yes, definitely.
> Let me know what you decide is the best way to proceed, I'll make the
> necessary modifications to the patch.
> Thanks for reviewing this.
I think splitting bbsuid into a separate package and adding it as a dependency
to alpine-base should work.
Or am I missing something?
Received on Mon Oct 26 2015 - 09:36:25 UTC