From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,NICE_REPLY_A,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 16510 invoked from network); 24 Feb 2021 18:48:46 -0000 Received: from minnie.tuhs.org (45.79.103.53) by inbox.vuxu.org with ESMTPUTF8; 24 Feb 2021 18:48:46 -0000 Received: by minnie.tuhs.org (Postfix, from userid 112) id 4DD9C9C73E; Thu, 25 Feb 2021 04:48:42 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 222AC9C6CE; Thu, 25 Feb 2021 04:48:25 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=fail reason="signature verification failed" (1024-bit key; secure) header.d=tnetconsulting.net header.i=@tnetconsulting.net header.b="osNoUZam"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 37CF89C6CE; Thu, 25 Feb 2021 04:48:23 +1000 (AEST) Received: from tncsrv06.tnetconsulting.net (tncsrv06.tnetconsulting.net [45.33.28.24]) by minnie.tuhs.org (Postfix) with ESMTPS id 977209BA4D for ; Thu, 25 Feb 2021 04:48:22 +1000 (AEST) Received: from Contact-TNet-Consulting-Abuse-for-assistance by tncsrv06.tnetconsulting.net (8.15.2/8.15.2/Debian-3) with ESMTPSA id 11OImLR4004062 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Wed, 24 Feb 2021 12:48:22 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=tnetconsulting.net; s=2019; t=1614192502; bh=6wHGbA4PTF6otd8Xy8ZdRQLu4Irf98ubHDJjRgFsO6Y=; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Cc:Content-Disposition: Content-Language:Content-Transfer-Encoding:Content-Type:Date:From: In-Reply-To:Message-ID:MIME-Version:References:Reply-To: Resent-Date:Resent-From:Resent-To:Resent-Cc:Sender:Subject:To: User-Agent; b=osNoUZamvtcdZc+6pVpxjhP7v6mJMQjjjhAbeHnfMDpS8qMhNqegt/lOQhVpgfq+m Am6i58cFsZOgmV9LSlkZaPrCsNxO9E5s6A6Ct6kSDnT8I8C0/OR1/DHSC9dl7AGAeZ xbXoJVTDHgq01porEsdjgAy5tqaZR/2TvH/UaHtg= To: tuhs@minnie.tuhs.org References: <78fede43-bf9b-5a56-5e59-e6ee5a0ee23d@spamtrap.tnetconsulting.net> <3d2d7b46-41e8-92d7-3a7b-d0f3006bc761@spamtrap.tnetconsulting.net> <3e41de9a-aaa3-0501-12e4-a99b589192f4@spamtrap.tnetconsulting.net> Organization: TNet Consulting Message-ID: <72c21fbb-7477-9b42-741b-88da1ae8919f@spamtrap.tnetconsulting.net> Date: Wed, 24 Feb 2021 11:48:28 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms080802000507000305070404" Subject: Re: [TUHS] /usr separation X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Grant Taylor via TUHS Reply-To: Grant Taylor Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" This is a cryptographically signed message in MIME format. --------------ms080802000507000305070404 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2/24/21 11:37 AM, Theodore Ts'o wrote: > Oh, sure. I agree completely that it's 180 degrees from the original=20 > golden rule; it had intended to be a joke. Unfortunately, years of=20 > living in a country whre the ones with the Gold really do make all=20 > of the Rules has gotten me to the point where if I don't laugh at it,=20 > I would have to cry.... When colleagues would say "you would think" or "I've been thinking" or=20 the likes, with "We don't do that! The logo does it for us!" when=20 dealing with IBM shenanigans. Again, laugh, lest I cry. > So technically it doesn't wipe out UEFI; it just will destroy the=20 > ability to boot the system. (e.g., this is where Grub lives, and if=20 > you delete it, UEFI will no longer be able to launch Grub, and hence,=20 > not boot Linux.) ACK Either way, it causes someone to have a Bad Day=E2=84=A2. > Fortunately, if you have a rescue CD / USB Thumb drive, it's relatively= =20 > easy to recover from this. And now we're back towards the start of this (sub)thread of a system=20 being able to boot strap itself or not. > A rogue rm which deletes /bin (even if /bin is a symlink to /usr/bin,=20 > all of the shell scripts and /etc/passwd entries probably still refer=20 > to /bin/sh) is going to make the system similarly unbootable. Agreed. Though I think there is a difference in containing the damage to the OS=20 vs going beyond it and damaging the firmware configuration. > As far as making a system more robust against rogue rm's, I really=20 > like scheme used by ChromeOS, where the entire file system is=20 > not only read-only, but protected by a cryptographic Merkle Tree=20 > such that if malware attempts to modify it, the system will crash.=20 > This is combined with firmware which will only load a kernel with a=20 > valid digital signature, and the user data is stored on an encrypted=20 > file system mounted on /mnt/stateful_partition and it is the only=20 > file system mounted read/write on a ChromeOS system. It violates=20 > a lot of expectations about where files should live on a "normal"=20 > Unix or Linux system, but it's defnitely way more safe and secure. I've not looked at Chrome OS or how it does things because of my dislike = for actually /using/ it. However, it sounds like it's worth popping the = hood and looking at things. > For now, as far as I know, Debian still supports a 486 (or i386 with=20 > an i387 co-processor, which was my first Linux system). But yes,=20 > it is very likely, absent people showing up to volunteer to support=20 > 32-bit userspace at Debian (e.g., ongoing security updates, support=20 > for the i386 build farm, reporting and triaging build failures of=20 > packages on i386, etc.), that the i386 arch will probably get dropped=20 > after Debian Bullseye release (which will probably happpen sometime=20 > in mid-2021 if I had to guess). I don't know how quickly 32-bit will disappear. I think the embedded=20 market and other non-i386 32-bit platforms will likely keep 32-bit code=20 around for a while yet. At least user space application code. Maybe=20 the i386 kernel code will languish ~> bit rot. Or worse, get in the way = of maintaining 64-bit code and thereby be ejected. > I'm not sure there are any 486's around any more, and it's likely most = > uses of systems with i386 binaries are on 64-bit processors running=20 > in 32-bit mode, so 486 vs 586 is probably not all that important in=20 > the grand scheme of things. =C2=AF\_(=E3=83=84)_/=C2=AF --=20 Grant. . . . unix || die --------------ms080802000507000305070404 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CzkwggUhMIIECaADAgECAhA/wgXwQl9mDHSg5enGHBeSMA0GCSqGSIb3DQEBCwUAMIGWMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNBIENs aWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTIwMTExNjAwMDAw MFoXDTIxMTExNjIzNTk1OVowKzEpMCcGCSqGSIb3DQEJARYaZ3RheWxvckB0bmV0Y29uc3Vs dGluZy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM6cGNMlSUFPM3zVw+ VgSslz2QRtMj+FerQ0DpmgbhUzqm5hMRe0hMA2OBf41HDAeOV0RKcLx2+HozHlyQST2xagOX xiv91aEXezh8bEBfnOI564Ej/JfusomfoM7ByVXcLp3K3fOssHos6IXiAD6WT+jcRs7Cg+Gl bYyoDLDLXw4i/N+YRcp3JrwT+4g/i//wAea1qTEd+ZnfcqtvCHaiJrr16xEpzuraLcmH5qtN /c+5kkRN3zpJvQvPX7fMBdxiSjb/cb070DC1RIO+THkhQqJ4bxHhrwcvC5RME0iwnSo52a/i FSNzciw/SM37F5tMTjDs+F6iUT85K2IWyGkpAgMBAAGjggHTMIIBzzAfBgNVHSMEGDAWgBQJ wPL8C9qU21/+K9+omULPyeCtADAdBgNVHQ4EFgQU9SQ1EWwdWU0yBrPcbiR81rwNThUwDgYD VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUF BwMCMEAGA1UdIAQ5MDcwNQYMKwYBBAGyMQECAQEBMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8v c2VjdGlnby5jb20vQ1BTMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5j b20vU2VjdGlnb1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmww gYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9T ZWN0aWdvUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAjBggr BgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wJQYDVR0RBB4wHIEaZ3RheWxvckB0 bmV0Y29uc3VsdGluZy5uZXQwDQYJKoZIhvcNAQELBQADggEBABWLZrz0NricNKP3jS03B7lH KNfBetFHWlaarCghIjhyA3yoXizPMP1wsY+ARMT22BKNVmLlP1CvDoLuEQbThvT5hRa7HPc2 2yVX6MkgSZByW2xrkhKGAIdtl+mELX27GZM+xe+k84OO1hA0Egyha2gg0UWlAiTGkIYjNLg0 6zg1QP7Bj4P/19hbi8Z9FFu38CztkgKZPSKMV3kPxZopa/mOWOQXxHcs03Ph/qnwj5HfkeWI WE7TARmmU7w8AoxEONC1tB6bsdX3M+4YVbgwgiihhiVGflHfGI4bgKkuN4sqesRnX8C9mvv5 o7dYJe4kKuv0ZeIj8x1Hh2PGvn7GuRgwggYQMIID+KADAgECAhBNlCwQ1DvglAnFgS06KwZP MA0GCSqGSIb3DQEBDAUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEU MBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEu MCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODEx MDIwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMIGWMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExp bWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQg U2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjztlApB /975Rrno1jvm2pK/KxBOqhq8gr2+JhwpKirSzZxQgT9tlC7zl6hn1fXjSo5MqXUfItMltrMa XqcESJuK8dtK56NCSrq4iDKaKq9NxOXFmqXX2zN8HHGjQ2b2Xv0v1L5Nk1MQPKA19xeWQcpG EGFUUd0kN+oHox+L9aV1rjfNiCj3bJk6kJaOPabPi2503nn/ITX5e8WfPnGw4VuZ79Khj1YB rf24k5Ee1sLTHsLtpiK9OjG4iQRBdq6Z/TlVx/hGAez5h36bBJMxqdHLpdwIUkTqT8se3ed0 PewDch/8kHPo5fZl5u1B0ecpq/sDN/5sCG52Ds+QU5O5EwIDAQABo4IBZDCCAWAwHwYDVR0j BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFAnA8vwL2pTbX/4r36iZQs/J 4K0AMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsG AQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwUAYDVR0fBEkwRzBFoEOgQYY/ aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRo b3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2Vy dHJ1c3QuY29tL1VTRVJUcnVzdFJTQUFkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRw Oi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBBRHUAqznCFfXejpVt MnFojADdF9d6HBA4kMjjsb0XMZHztuOCtKF+xswhh2GqkW5JQrM8zVlU+A2VP72Ky2nlRA1G wmIPgou74TZ/XTarHG8zdMSgaDrkVYzz1g3nIVO9IHk96VwsacIvBF8JfqIs+8aWH2PfSUrN xP6Ys7U0sZYx4rXD6+cqFq/ZW5BUfClN/rhk2ddQXyn7kkmka2RQb9d90nmNHdgKrwfQ49mQ 2hWQNDkJJIXwKjYA6VUR/fZUFeCUisdDe/0ABLTI+jheXUV1eoYV7lNwNBKpeHdNuO6Aacb5 33JlfeUHxvBz9OfYWUiXu09sMAviM11Q0DuMZ5760CdO2VnpsXP4KxaYIhvqPqUMWqRdWyn7 crItNkZeroXaecG03i3mM7dkiPaCkgocBg0EBYsbZDZ8bsG3a08LwEsL1Ygz3SBsyECa0waq 4hOf/Z85F2w2ZpXfP+w8q4ifwO90SGZZV+HR/Jh6rEaVPDRF/CEGVqR1hiuQOZ1YL5ezMTX0 ZSLwrymUE0pwi/KDaiYB15uswgeIAcA6JzPFf9pLkAFFWs1QNyN++niFhsM47qodx/PL+5jR 87myx5uYdBEQkkDc+lKB1Wct6ucXqm2EmsaQ0M95QjTmy+rDWjkDYdw3Ms6mSWE3Bn7i5Zgt wCLXgAIe5W8mybM2JzGCBDIwggQuAgEBMIGrMIGWMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdv IExpbWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBh bmQgU2VjdXJlIEVtYWlsIENBAhA/wgXwQl9mDHSg5enGHBeSMA0GCWCGSAFlAwQCAQUAoIIC VzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjQxODQ4 MjhaMC8GCSqGSIb3DQEJBDEiBCBvfdEHb2y9lZuYOGeU7fNag7f3eBxn+5WSV1xXzrsYKzBs BgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo MIG8BgkrBgEEAYI3EAQxga4wgaswgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRl ZDE+MDwGA1UEAxM1U2VjdGlnbyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1 cmUgRW1haWwgQ0ECED/CBfBCX2YMdKDl6cYcF5Iwgb4GCyqGSIb3DQEJEAILMYGuoIGrMIGW MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT YWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNB IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhA/wgXwQl9mDHSg 5enGHBeSMA0GCSqGSIb3DQEBAQUABIIBAJJtw3x+VGMLqbhekuLCyAxHfIPfN4HPE9tFIy5+ j1qaGXKAPLGzRc5yj35QvgqJlrdKwswbFaMtYWTpPV7L0cRzxtCXABVCKqkJ5CT709MlusLH Ytp0rGoUK4EIH4OK+6gCxprxbHobHknzQsRfVw/FiYC8NiG8IR9QmStFdHqwIxhGzqSV+vVA hatQvVEyJc+7WmA7ff7a/gzIafekZt7vS2IFXXt4x7PCiSYETyXjUpWD88XEuPbHHolWGt0S BKNDWGD0r4k2+iAv2ymsKZZmUNk4JrxN6VLRRo9WiW+7Ngw70ayKDZsvaySEUlAph1oviiCQ DQ3wolQjAbd/wzkAAAAAAAA= --------------ms080802000507000305070404--