Received: from ncopa-desktop.lan (ti0056a400-2304.bb.online.no [85.167.212.10]) (Authenticated sender: ncopa@alpinelinux.org) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPSA id 0A83B7811D7; Tue, 21 Jun 2022 10:04:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alpinelinux.org; s=smtp; t=1655805842; h=from:from:reply-to:subject:subject:date:date:message-id:message-id:to:to:cc:cc:mime-version:mime-version:content-type:content-type:content-transfer-encoding:content-transfer-encoding:in-reply-to:in-reply-to:references:references; bh=/bRd4o+G9VQ8/bV80FTw2WjWShm8iyiPEHjWhsKEYcM=; b=UU0QRcr83Fq2JvYRUyBwcWVLHZENbJKJfYvXXE4I8pWZMiMrfWInxN2esuOmchvfzNdaa5ayx/uIv+7QXOhw+oPM2s4FhxErblUPVyOyIPLmswy9ceBc2UEYmm/RyOvueEOtK3oBR2FRxk4PN0GG0a89A/sZh20vTdmLR7ArgIY=
Date: Tue, 21 Jun 2022 12:03:59 +0200
From: Natanael Copa
To: Markus Kolb
Cc: Jakub Jirutka, Konstantin Kulikov, Alpine Linux devel ML <~alpine/devel@lists.alpinelinux.org>
Subject: Re: Security problem in how you manage users in package installations
Message-ID: <20220621120359.19b69bc2@ncopa-desktop.lan>
In-Reply-To: <410fabb4f80a07b9dc91fd67494c23a1@tower-net.de>
References: <22948c2fba2f4882ac4646501fd6ef3f@tower-net.de> <49d7456930f237457bf7f3f5c50f96e4@tower-net.de> <0ac71bc3-3b4b-a709-96b9-83f40c0c57ab@jirutka.cz> <410fabb4f80a07b9dc91fd67494c23a1@tower-net.de>
X-Mailer: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 21 Jun 2022 10:43:37 +0200
Markus Kolb wrote:

> On 19.06.2022 18:54, Jakub Jirutka wrote:
> > Hi,
> >
> >> I don't agree that admin should be required to manually create
> >> directories with correct permissions.
> >
> > Me neither.
> >
> > Never requested anything like this...
>
> But rc-scripts shouldn't overwrite permissions in an unsafe manner, and
> this can only be achieved if they don't clandestinely modify
> permissions.
Can you please explain what you mean by "an unsafe manner"?

> The directories have to be created with correctly set permissions during
> package installation.
>
> You can inform the admin during startup that there is something wrong,
> and the service can not start because of this, which is also expressed
> by the function name "check...". It doesn't say fix, modify, repair or
> anything else explaining that this is a mutable process.

What about services that need write permissions for sockets in directories
under /run, which is a tmpfs and gets wiped each reboot? Should the admin
need to change the permissions for those services every reboot?

-nc
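The two positions in this thread (an init script that repairs owner and mode on every start, versus one that only creates a missing directory and refuses to start when an existing one is wrong) can be put side by side in a few lines of shell. The following is an added example for this page, not code from the Alpine Linux project and not OpenRC's checkpath; the function names ensure_rundir_fix and ensure_rundir_check, the refuse-on-symlink rule, and the create-with-umask-077-then-widen ordering are this example's own assumptions. It runs as an unprivileged user against a temporary directory; on a real system the path would be under the tmpfs /run and the owner the service's own user.

```sh
#!/bin/sh
# Added example for this thread; it is not OpenRC's checkpath and not code from
# the Alpine Linux project. It contrasts two policies for a service's runtime
# directory under a tmpfs such as /run, which is empty after every boot:
#   ensure_rundir_fix    create it if missing, and force owner and mode on an
#                        existing directory (what the thread argues about)
#   ensure_rundir_check  create it if missing, but refuse to proceed when an
#                        existing directory has the wrong owner or mode
# Both refuse to follow a symlink at the path, so a pre-planted link cannot
# redirect the chown/chmod elsewhere. Function names and the refusal policy
# are this example's own choices (assumptions, not project behaviour).

# Octal permission bits and owner name of a path (GNU and BusyBox stat).
mode_of()  { stat -c %a "$1"; }
owner_of() { stat -c %U "$1"; }

# Create $1 with mode $2 and owner $3. The directory is created under umask
# 077 first and only then widened to the requested mode, so there is no
# window in which it is more accessible than intended.
create_rundir() {
    dir=$1 want=$2 owner=$3
    ( umask 077; mkdir "$dir" ) || return 1
    chown "$owner" "$dir" && chmod "$want" "$dir"
}

# Policy 1: create or repair. Returns 0 on success, 1 on failure.
ensure_rundir_fix() {
    dir=$1 want=$2 owner=${3:-$(id -un)}
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        create_rundir "$dir" "$want" "$owner"
        return $?
    fi
    chown "$owner" "$dir" && chmod "$want" "$dir"
}

# Policy 2: create if missing, otherwise only check. Returns 1 and reports
# the mismatch when an existing directory does not match, so the caller can
# abort startup instead of silently changing permissions.
ensure_rundir_check() {
    dir=$1 want=$2 owner=${3:-$(id -un)}
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        create_rundir "$dir" "$want" "$owner"
        return $?
    fi
    have_mode=$(mode_of "$dir") have_owner=$(owner_of "$dir")
    if [ "$have_mode" != "$want" ] || [ "$have_owner" != "$owner" ]; then
        echo "not starting: $dir is $have_owner mode $have_mode," \
             "expected $owner mode $want" >&2
        return 1
    fi
    return 0
}
```

With the first policy a service whose socket directory lives on /run comes up after every reboot without any admin action; with the second, a directory that survives (or was planted) with the wrong bits stops the service and the message says why. Which one is "unsafe" is exactly the question the reply above asks; what both share is that they never follow a symlink and never leave the directory briefly world-accessible.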