Hi! For a test system for a security-relevant setting, I'd like to split /usr in a way that "dangerous" tools like gcc are stored on a second disk that can be umounted and switched off, preventing attackers from compiling their tools because there is no compiler without physical access to the box to switch that second disk on.
A possible solution would be to install these security relevant programs into /usr/develdisk and to use stow to link /usr/develdisk to /usr. That way, I would have /usr/develdisk/bin/gcc and a symlink pointing from /usr/bin/gcc to /usr/develdisk/bin/gcc. If develdisk is umounted, I'd have a dangling link and could either live with it or do a stow -D prior to unmounting to clean up the symlinks. Could that work? I have written the following script to do so:

#!/bin/bash

# this script will aid in moving some files belonging to dpkg-packages
# to different locations on the system. This is done by first learning
# which files belong to a package, then passing all file names through
# a sed script and executing appropriate mv commands.
#
# Example: Move all of gcc, stow and libreadlineg2 what is usually stored
# in /usr to /usr/devel:
# dpkg-move -v -s "s|/usr|/usr/devel|" gcc stow libreadlineg2

while getopts "s:vn" opt; do
  case $opt in
    s ) sedscript=$OPTARG ;;
    v ) verbose=1 ;;
    n ) noop=1 ;;
    \? ) # double quotes, so that $0 is actually expanded in the usage line
         echo "usage: $0 [-v] [-n] -s sedscript packages..."
         echo ' -v: verbose'
         echo ' -n: do not actually execute the move commands'
         exit 1
  esac
done
shift $(($OPTIND - 1))

# quote the variable: an empty, unquoted $sedscript leaves test with no
# operand and the check silently passes
if [ -z "$sedscript" ]; then
  echo 'no script given'
  exit 1
fi

[ "$verbose" ] && echo "entering verbose mode."

while [ "$1" != "" ]; do
  dpkg --listfiles "$1" |
  while read -r filename; do
    if [ ! -d "$filename" ]; then
      newname=`echo "$filename" | sed "$sedscript"`
      if [ "$filename" != "$newname" ]; then

        # make sure that target directory exists
        dir=`dirname "$newname"`
        [ "$verbose" ] && echo "mkdir -p $dir"
        [ "$noop" ] || mkdir -p "$dir"

        [ "$verbose" ] && echo "mv $filename $newname"
        [ "$noop" ] || mv "$filename" "$newname"
      else
        [ "$verbose" ] && echo "$filename: not touched by script, skipping."
      fi
    else
      [ "$verbose" ] && echo "$filename: directory, skipping."
    fi
  done
  shift
done

I am not yet a wizard in shell scripting and would appreciate your comments about possible bugs and coding style problems.
This script currently breaks when the package includes symlinks since mv can't move symlinks across file systems. Is copying and deleting a possible workaround? What am I to do in this situation?

However, I have two dpkg issues with this approach:

(1) A package moved by this script and re-stowed to its original location will certainly break during a distribution update. Is there anything I can do to prevent this or would dpkg have to support this? Is there any chance of getting support for this situation into a future version of dpkg?

(2) Should I make my script update dpkg databases?

I'd appreciate your comments, thanks in advance. Am I probably better off in a different mailing list? Should I crosspost to devel or user?

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the          | Mailadresse im Header
Karlsruhe, Germany |     Beginning of Wisdom "      | Fon: *49 721 966 32 15
Nordisch by Nature |  Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
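The relocate-and-link procedure the post describes, as an added example that is not Marc's script and not part of the original message. It relocates each path that the sed script rewrites, recreates symlinks with readlink/ln -s instead of moving them (which is the copy-and-delete workaround the post asks about), leaves a stow-style symlink at the old path so the program is still found there, and provides the stow -D counterpart to run before the second disk is unmounted. The function names, the explicit path list in place of a dpkg --listfiles call, and the sample tree built in the test are assumptions of the example, not anything from the original.

```bash
#!/bin/bash
# Added example, not the original poster's script.  Relocates files from
# one prefix to another (e.g. /usr -> /usr/develdisk) and leaves a symlink
# at the old path, the way "stow" would.  Symlinks are recreated with
# ln -s rather than moved, so moving across file systems is not an issue.
set -u

# relocate_file OLD NEW
#   Moves OLD to NEW (creating NEW's directory) and replaces OLD with a
#   symlink to NEW.  Returns 0 on success, 1 if OLD is a real directory
#   (directories stay shared, so they are skipped), 2 on any error.
relocate_file() {
    local old=$1 new=$2 target
    if [ -d "$old" ] && [ ! -L "$old" ]; then
        return 1
    fi
    mkdir -p "$(dirname "$new")" || return 2
    if [ -L "$old" ]; then
        # Recreate the link with its original (possibly relative) target;
        # a relative target keeps resolving once its sibling moves too.
        target=$(readlink "$old") || return 2
        ln -s "$target" "$new" || return 2
        rm "$old" || return 2
    else
        mv "$old" "$new" || return 2
    fi
    # Stow-style link: the old path keeps working while the disk is mounted.
    ln -s "$new" "$old" || return 2
}

# relocate_list SEDSCRIPT PATH...
#   Applies SEDSCRIPT to every PATH and relocates those it changes.
#   Prints the number of relocated entries; returns non-zero if any failed.
#   Assumed usage: relocate_list "s|/usr|/usr/develdisk|" $(dpkg --listfiles gcc)
relocate_list() {
    local sedscript=$1; shift
    local f new rc count=0 failed=0
    for f in "$@"; do
        new=$(printf '%s\n' "$f" | sed "$sedscript")
        [ "$new" = "$f" ] && continue
        relocate_file "$f" "$new" && rc=0 || rc=$?
        case $rc in
            0) count=$((count + 1)) ;;
            1) ;;                      # directory: nothing to move
            *) failed=$((failed + 1)) ;;
        esac
    done
    echo "$count"
    [ "$failed" -eq 0 ]
}

# unstow_list SEDSCRIPT PATH...
#   The "stow -D" step: before unmounting the second disk, remove the
#   links that would otherwise dangle.  Only links that point exactly at
#   the relocated path are removed, so unrelated files are never touched.
unstow_list() {
    local sedscript=$1; shift
    local f new
    for f in "$@"; do
        new=$(printf '%s\n' "$f" | sed "$sedscript")
        [ "$new" = "$f" ] && continue
        [ -L "$f" ] && [ "$(readlink "$f")" = "$new" ] && rm "$f"
    done
    return 0
}
```

Run it as root against the real file list and it moves the package's files in place; after unstow_list the old paths are simply absent until the disk is mounted and relocate_list's links are recreated. The example deliberately leaves dpkg's own database alone, which is the second question in the post; dpkg's mechanism for telling it that a package's file lives elsewhere is dpkg-divert (dpkg-divert --add --rename --divert NEWPATH OLDPATH), and a diversion registered that way survives an upgrade of the package, whereas a bare mv does not.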

