* [Buildroot] [PATCH] package/systemd: reenable utmp support
@ 2023-01-17 20:56 Casey Reeves
2023-01-17 23:47 ` Norbert Lange
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
0 siblings, 2 replies; 4+ messages in thread
From: Casey Reeves @ 2023-01-17 20:56 UTC (permalink / raw)
To: buildroot; +Cc: Norbert Lange, Sen Hastings, Yann E. MORIN
This patch re-enables utmp support. This was originally disabled as it
showed information about other users on the system, but this information
can be found in other ways by a snoopy user (ps, journalctl, loginctl,
top)...
More importantly, this behaviour causes tools like uptime and
who to falsely state 0 users are logged in. Revert it to fix those
applications, as it can be very confusing and is not improving security.
See commit 32f53bdfb482d0d78308e548c654898089b5c183.
Signed-off-by: Casey Reeves <casey@xogium.me>
---
package/systemd/systemd.mk | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b96873b73f..92b80dcf6e 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
-Dtelinit-path= \
-Dtests=false \
-Dtmpfiles=true \
- -Dumount-path=/usr/bin/umount \
- -Dutmp=false
+ -Dumount-path=/usr/bin/umount
SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
ifeq ($(BR2_OPTIMIZE_FAST),y)
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/systemd: reenable utmp support
2023-01-17 20:56 [Buildroot] [PATCH] package/systemd: reenable utmp support Casey Reeves
@ 2023-01-17 23:47 ` Norbert Lange
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
1 sibling, 0 replies; 4+ messages in thread
From: Norbert Lange @ 2023-01-17 23:47 UTC (permalink / raw)
To: Casey Reeves; +Cc: Sen Hastings, Yann E. MORIN, buildroot
[-- Attachment #1.1: Type: text/plain, Size: 2365 bytes --]
On Tue, 17 Jan 2023, 21:57 Casey Reeves, <casey@xogium.me> wrote:
> This patch re-enables utmp support. This was originally disabled as it
> showed information about other users on the system, but this
> information
> can be found in other ways by a snoopy user (ps, journalctl, loginctl,
> top)...
>
The smart thing to do would be to use those other ways - because they are
more secure and don't have assumptions that dont hold nowadays (containers
and other isolation methods).
> More importantly, this behaviour causes tools like uptime and
> who to falsely state 0 users are logged in. Revert it to fix those
> applications, as it can be very confusing and is not improving
> security.
>
That's kinda like saying running a webserver on win95 is not a security
risk, because I can run a webserver on Linux too. The problem is not what,
but how.
The gist of the issue is, that you require multiple programs to read and
-modify-write a single file, this is opening race conditions, permission
problems and those security risks.
Buildroot is not a everything-and-the-kitchensink distro, for comparison
alpine has stubs that redirect /run/utmp to /dev/null, basically because
you can't solve this in a good way without a demon [1].
Maybe it would be sound to add symlinks to /dev/null, mimicking alpine, so
uptime should work.
Other than that, bringing in utmps first, and making -Dutmp
configurable/optional would be better.
There is not much use for utmp, and I would object to enabling it
unconditional.
[1] -
https://wiki.musl-libc.org/faq.html#Q:_Why_is_the_utmp/wtmp_functionality_only_implemented_as_stubs
?
See commit 32f53bdfb482d0d78308e548c654898089b5c183.
>
> Signed-off-by: Casey Reeves <casey@xogium.me>
> ---
> package/systemd/systemd.mk | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b96873b73f..92b80dcf6e 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
> -Dtelinit-path= \
> -Dtests=false \
> -Dtmpfiles=true \
> - -Dumount-path=/usr/bin/umount \
> - -Dutmp=false
> + -Dumount-path=/usr/bin/umount
>
> SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
> ifeq ($(BR2_OPTIMIZE_FAST),y)
> --
> 2.39.0
>
Norbert
>
[-- Attachment #1.2: Type: text/html, Size: 4453 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH v2] package/systemd: reenable utmp support
2023-01-17 20:56 [Buildroot] [PATCH] package/systemd: reenable utmp support Casey Reeves
2023-01-17 23:47 ` Norbert Lange
@ 2023-01-18 19:49 ` Casey Reeves
2023-01-21 18:07 ` Yann E. MORIN
1 sibling, 1 reply; 4+ messages in thread
From: Casey Reeves @ 2023-01-18 19:49 UTC (permalink / raw)
To: buildroot; +Cc: Norbert Lange, Yann E. MORIN, Sen Hastings
This patch provides a way to enable utmp support when using systemd,
with it disabled by default, as some security concerns may apply. Still,
there are cases where having utmp is desirable, even though it is rare,
so let's make this configurable.
See commit 32f53bdfb482d0d78308e548c654898089b5c183.
Signed-off-by: Casey Reeves <casey@xogium.me>
---
Changes v1 -> v2:
- Make this a configurable option rather than hardcode it to forcefully
disabled or enabled
---
package/systemd/Config.in | 16 ++++++++++++++++
package/systemd/systemd.mk | 9 +++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/package/systemd/Config.in b/package/systemd/Config.in
index 45a9e2d644..daa72b65b1 100644
--- a/package/systemd/Config.in
+++ b/package/systemd/Config.in
@@ -518,6 +518,22 @@ config BR2_PACKAGE_SYSTEMD_USERDB
https://www.freedesktop.org/software/systemd/man/systemd-userdbd.service.html
+config BR2_PACKAGE_SYSTEMD_UTMP
+ bool "enable utmp support"
+ help
+ When this feature is selected, systemd will manage the
+ support of utmp.
+
+ Utmp keeps track of what users do on the system (where they
+ logged from, on which terminal, ...) along with a general
+ status of the system (list of reboots, current uptime, current
+ number of users logged in).
+
+ You should only enable this if your system requires actual
+ users to log in.
+
+ https://man7.org/linux/man-pages/man5/utmp.5.html
+
config BR2_PACKAGE_SYSTEMD_VCONSOLE
bool "enable vconsole tool"
default y
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b96873b73f..f191542866 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
-Dtelinit-path= \
-Dtests=false \
-Dtmpfiles=true \
- -Dumount-path=/usr/bin/umount \
- -Dutmp=false
+ -Dumount-path=/usr/bin/umount
SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
ifeq ($(BR2_OPTIMIZE_FAST),y)
@@ -331,6 +330,12 @@ else
SYSTEMD_CONF_OPTS += -Dbinfmt=false
endif
+ifeq ($(BR2_PACKAGE_SYSTEMD_UTMP),y)
+SYSTEMD_CONF_OPTS += -Dutmp=true
+else
+SYSTEMD_CONF_OPTS += -Dutmp=false
+endif
+
ifeq ($(BR2_PACKAGE_SYSTEMD_VCONSOLE),y)
SYSTEMD_CONF_OPTS += -Dvconsole=true
else
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH v2] package/systemd: reenable utmp support
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
@ 2023-01-21 18:07 ` Yann E. MORIN
0 siblings, 0 replies; 4+ messages in thread
From: Yann E. MORIN @ 2023-01-21 18:07 UTC (permalink / raw)
To: Casey Reeves; +Cc: Norbert Lange, Sen Hastings, buildroot
Casey, All,
On 2023-01-18 20:49 +0100, Casey Reeves spake thusly:
> This patch provides a way to enable utmp support when using systemd,
> with it disabled by default, as some security concerns may apply. Still,
> there are cases where having utmp is desirable, even though it is rare,
> so let's make this configurable.
>
> See commit 32f53bdfb482d0d78308e548c654898089b5c183.
>
> Signed-off-by: Casey Reeves <casey@xogium.me>
I've extended the help text with the actual blurb from the systemd-utmp
manpage, and a reference to the upstream URL, like for the other
configurable items.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> Changes v1 -> v2:
> - Make this a configurable option rather than hardcode it to forcefully
> disabled or enabled
> ---
> package/systemd/Config.in | 16 ++++++++++++++++
> package/systemd/systemd.mk | 9 +++++++--
> 2 files changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/package/systemd/Config.in b/package/systemd/Config.in
> index 45a9e2d644..daa72b65b1 100644
> --- a/package/systemd/Config.in
> +++ b/package/systemd/Config.in
> @@ -518,6 +518,22 @@ config BR2_PACKAGE_SYSTEMD_USERDB
>
> https://www.freedesktop.org/software/systemd/man/systemd-userdbd.service.html
>
> +config BR2_PACKAGE_SYSTEMD_UTMP
> + bool "enable utmp support"
> + help
> + When this feature is selected, systemd will manage the
> + support of utmp.
> +
> + Utmp keeps track of what users do on the system (where they
> + logged from, on which terminal, ...) along with a general
> + status of the system (list of reboots, current uptime, current
> + number of users logged in).
> +
> + You should only enable this if your system requires actual
> + users to log in.
> +
> + https://man7.org/linux/man-pages/man5/utmp.5.html
> +
> config BR2_PACKAGE_SYSTEMD_VCONSOLE
> bool "enable vconsole tool"
> default y
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b96873b73f..f191542866 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
> -Dtelinit-path= \
> -Dtests=false \
> -Dtmpfiles=true \
> - -Dumount-path=/usr/bin/umount \
> - -Dutmp=false
> + -Dumount-path=/usr/bin/umount
>
> SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
> ifeq ($(BR2_OPTIMIZE_FAST),y)
> @@ -331,6 +330,12 @@ else
> SYSTEMD_CONF_OPTS += -Dbinfmt=false
> endif
>
> +ifeq ($(BR2_PACKAGE_SYSTEMD_UTMP),y)
> +SYSTEMD_CONF_OPTS += -Dutmp=true
> +else
> +SYSTEMD_CONF_OPTS += -Dutmp=false
> +endif
> +
> ifeq ($(BR2_PACKAGE_SYSTEMD_VCONSOLE),y)
> SYSTEMD_CONF_OPTS += -Dvconsole=true
> else
> --
> 2.39.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-01-21 18:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-17 20:56 [Buildroot] [PATCH] package/systemd: reenable utmp support Casey Reeves
2023-01-17 23:47 ` Norbert Lange
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
2023-01-21 18:07 ` Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.