X-Original-To: alpine-aports@mail.alpinelinux.org Delivered-To: alpine-aports@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id 271E4DC00E9 for ; Sat, 17 Oct 2015 14:47:06 +0000 (UTC) Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com [209.85.212.180]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id AF8F2DC0082 for ; Sat, 17 Oct 2015 14:47:05 +0000 (UTC) Received: by wicll6 with SMTP id ll6so43438447wic.0 for ; Sat, 17 Oct 2015 07:47:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id; bh=2jegX6ppHH6vWnAt8j/uNFi+VN399UQvQEe+sWfXm2A=; b=DywMm56b0KirR1rgThgV4c0D2x28hswzrz/0ckpLcXzjx6nS53/Cj4mm17rciZ/aRB DUwfhS9UJpp3hoJlTyVTlfLABIIqOApWeQCv1TOeRL9DKm3g02errAp30zVa6U8rZg9Q ZaUBsoOgQYCA8032Cezby0i9dTXnCVglBzARe3AhLyn/AwcQRI2jE3QzvZEu9HS3l2Yg TvcmGKJZDZwx58mfAhrYjh/uv10v5v67/llEbly/BBh0vwYxoSPHXNeKjyUoGIklPpo2 6VRXJ1HKXYRGnfpp48SUGgrv9FpA7QFgaEFyI5xBRajbGl0QOJQ+x1ByUfjQYjOHEItY ysNg== X-Gm-Message-State: ALoCoQn7/oVNI/yYZMCf/yquP9PA4lIrggM+MbGWBQvPMEQIO4Sobuu/I7zEsic3BKhW90oYXFMO X-Received: by 10.180.108.110 with SMTP id hj14mr11511432wib.39.1445093223702; Sat, 17 Oct 2015 07:47:03 -0700 (PDT) Received: from localhost (pD95787FB.dip0.t-ipconnect.de. [217.87.135.251]) by smtp.gmail.com with ESMTPSA id it4sm28726728wjb.0.2015.10.17.07.47.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Oct 2015 07:47:02 -0700 (PDT) From: Christian Kampka To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] main/busybox: split package into core and suid subpackages Date: Sat, 17 Oct 2015 16:46:57 +0200 Message-Id: <1445093218-3450-1-git-send-email-christian@kampka.net> X-Mailer: git-send-email 2.6.1 X-Virus-Scanned: ClamAV using ClamSMTP X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Hi, since this patch probably needs some explanation, I'd like to give an explanation to why I'd like to see this accepted. The current structure of the busybox packages, which includes the bbsuid binary as well as busybox forces every alpine installation to include the suid binary to provide functionalities like mount, passwd or su. If alpine is run as a chroot or docker container or likewise installation , which is no longer uncommon these days, having suid binaries included in installation should no longer be required and is imo quite undesirable if you think about security. The proposed patch splits the busybox package into two subpackages, busybox-core and busybox-suid. The core package contains everything that is currently included in the busybox package except for the bbsuid binary. This will be shipped via the busybox-suid package. The busybox package will be turned into a metapackage that pulls in busybox-core and busybox-suid, so for most use cases nothing will change except for those installations that desire it explicitly. I am aware that alot of packages currently depend on the busybox package. I think it would be feasable enough to update those step by step to required only the subpackages they really need to depend on (which probably is not or should not be suid in most cases). I'm looking forward to your thoughts. Cheers, Christian --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---