lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 8 Jun 2015 12:32:51 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Ikey Doherty <michael.i.doherty@...el.com>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: [PATCH] Support a stateless configuration by default

On Fri, May 22, 2015 at 03:57:00PM +0100, Ikey Doherty wrote: With
> this change, distribution defaults are now read from the
> distribution defaults directory,
> /usr/share/defaults/e2fsprogs. These files are expected to be the
> sensible defaults required for basic operation.
> 
> Site administrators may still override the default configuration by
> placing the files within the site config directory (i.e. /etc) - and
> those configuration values will be read instead. The distribution
> files within the defaults directory are percieved as immutable, and
> as such resiliant to upgrades over time.
> 
> A side effect of this stateless configuration is that a site
> admiministrator is able to reset their configuration to the sane
> defaults by simply removing the files they placed within the site
> configuration directory.
> 
> To users already making use of an altered configuration within /etc,
> this change is transparent and does not affect existing operation.
> 
> The fundamental goal within this change, and stateless itself, is to
> separate OS configuration from the system administrator
> configuration.

I'm willing to take a patch which checks /usr/share/defaults/e2fsprogs
first, but not to install the config file instead of /etc/mke2fs.conf.
This is *not* yet the default, and the vast majority of Linux systems
are still using /etc/mke2fs.conf.  If a particular distribution wants
to use a diferent packaging scheme, that's fine, but until it's the
common case, I'm not going to break existing systems by changing the
default installation location.

That being said, it should also be noted that mke2fs will work just
fine without /etc/mke2fs.conf being present (we take the default
mke2fs.conf and create default_profile.o which gets used if the
default profile isn't present), and we currently don't ship a default
e2fsck.conf file.  So you really don't have to do anything special to
get the stateless setup that you desire.

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ