X-Original-To: alpine-aports@mail.alpinelinux.org Delivered-To: alpine-aports@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id 52EACDC01C2 for ; Thu, 22 Oct 2015 16:12:00 +0000 (UTC) Received: from newmail.tetrasec.net (unknown [74.117.189.116]) by mail.alpinelinux.org (Postfix) with ESMTP id 33B8BDC0191 for ; Thu, 22 Oct 2015 16:12:00 +0000 (UTC) Received: from ncopa-laptop (unknown [79.160.13.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by newmail.tetrasec.net (Postfix) with ESMTPSA id 14B425A80D5; Thu, 22 Oct 2015 16:01:29 +0000 (GMT) Date: Thu, 22 Oct 2015 18:11:11 +0200 From: Natanael Copa To: Christian Kampka Cc: alpine-aports@lists.alpinelinux.org Subject: Re: [alpine-aports] main/busybox: split package into core and suid subpackages Message-ID: <20151022181111.5a0f7369@ncopa-laptop> In-Reply-To: <1445093218-3450-1-git-send-email-christian@kampka.net> References: <1445093218-3450-1-git-send-email-christian@kampka.net> X-Mailer: Claws Mail 3.12.0 (GTK+ 2.24.28; x86_64-alpine-linux-musl) X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP On Sat, 17 Oct 2015 16:46:57 +0200 Christian Kampka wrote: > Hi, > > since this patch probably needs some explanation, I'd like to give an > explanation to why I'd like to see this accepted. The current > structure of the busybox packages, which includes the bbsuid binary > as well as busybox forces every alpine installation to include the > suid binary to provide functionalities like mount, passwd or su. If > alpine is run as a chroot or docker container or likewise > installation , which is no longer uncommon these days, having suid > binaries included in installation should no longer be required and is > imo quite undesirable if you think about security. Makes perfect sense. > The proposed patch splits the busybox package into two subpackages, > busybox-core and busybox-suid. The core package contains everything > that is currently included in the busybox package except for the > bbsuid binary. This will be shipped via the busybox-suid package. The > busybox package will be turned into a metapackage that pulls in > busybox-core and busybox-suid, so for most use cases nothing will > change except for those installations that desire it explicitly. I wonder if we somehow can solve this with totally 2 packages: busybox + busybox-suid instead of totally 3: busybox-core + busybox-suid + busybox. We could for example add busybox-suid as a dependency to alpine-base, or assume that busybox-suid is needed if some other package like openrc is installed and have install_if="busybox=$pkgver openrc". I wonder what happens then, if you "apk add !busybox-suid" to opt out? I suppose the most critical thing we want avoid is someone end up locked out from remote box due to 'su' not working after an upgrade. > I am aware that alot of packages currently depend on the busybox > package. I think it would be feasable enough to update those step by > step to required only the subpackages they really need to depend on > (which probably is not or should not be suid in most cases). > > I'm looking forward to your thoughts. > > Cheers, > Christian > > > > --- > Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org > Help: alpine-aports+help@lists.alpinelinux.org > --- > --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---