Hi all,

On Thu, Oct 12, 2017 at 9:21 AM, Andreas Henriksson <andr...@fatal.se> wrote:
> Hello,
>
> I'm attaching a completely untested patch against systemd packaging git.
>
> @Stijn van Drongelen :
> Maybe you can offer to test it (and maybe even finish it up)?
>
> (Please note how I'm *intentionally* not setting a patch tag since
> the patch is both untested and *unfinished*. This is mostly a RFC
> if this method would be considered acceptable.)

Indeed, it is lacking some error checking. I think the overall idea is sane, however I think the systemd-sulogin-shell patch should go upstream. I rewrote the previous small shell wrapper in C precisely so that these sorts of patches have a better chance at acceptance upstream.

I have just a few comments on the patch:

1. Error checking on the strv_* operations is missing.
2. I would have a single `fork_wait` call point, and have `sulogin_cmdline_args = sulogin_cmdline` when the envvar is not present or empty.
3. I'm not sure if it is best to have a single SULOGIN_ARGS envvar or multiple SULOGIN_FORCE, SULOGIN_OTHER_ARG flags. The strv_split operation is naive in that arguments with spaces can't be passed. OTOH, sulogin does not accept any argument where spaces make sense, so it doesn't have a practical impact here.

Only comment 1 really needs to be addressed before presenting upstream, as 2 and 3 are more stylistic and upstream might have different preferences than me.

>
> Rather than shipping the dropins in /lib/systemd/system they
> maybe should be installed in /etc/systemd/system instead (as
> conffiles) to easier allow the sysadmin to remove them.
> (Or even ship commented-out under secure-by-default mantra.)
>
> Personally I don't really see much point in this. Why would you
> expect passwordless root shells to be handed out if you lock
> the root account?

I do. For many (most?) computers, physical access means game lost security-wise, as you can just disassemble the box and get the hard drive. Making the rescue and emergency shells unusable in the (now default?) passwordless-root environments d-i generates is not very user friendly.

So I think d-i should generate this snippet in /etc if the root account was not configured.

-- 
Saludos,
Felipe Sateler
_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
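
Added example, not part of the original message or of the patch under discussion: one way to meet review comments 1 and 2 in plain C, without systemd's internal strv_* helpers. The value of `SULOGIN_PATH` and the function names are assumptions; words are split on whitespace only, so quoting is not interpreted (the limitation noted in comment 3).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SULOGIN_PATH "/sbin/sulogin"  /* assumed path, not given on the page */

void free_argv(char **argv) {
    for (size_t i = 0; argv && argv[i]; i++) free(argv[i]);
    free(argv);
}

/* argv[0] = path, then the whitespace-separated words of extra (NULL or ""
 * means none). Quoting is not interpreted. Returns NULL if allocation fails. */
char **build_sulogin_argv(const char *path, const char *extra) {
    size_t n = 0, cap = 4;
    char *copy = NULL, *save = NULL;
    char **argv = calloc(cap, sizeof *argv);
    if (!argv) return NULL;
    if (!(argv[n++] = strdup(path))) goto fail;
    if (extra && *extra && !(copy = strdup(extra))) goto fail;
    for (char *t = copy ? strtok_r(copy, " \t\n", &save) : NULL; t;
         t = strtok_r(NULL, " \t\n", &save)) {
        if (n + 1 >= cap) {               /* keep room for the NULL terminator */
            char **tmp = realloc(argv, 2 * cap * sizeof *argv);
            if (!tmp) goto fail;
            argv = tmp; cap *= 2;
        }
        if (!(argv[n++] = strdup(t))) goto fail;
    }
    argv[n] = NULL;
    free(copy);
    return argv;
fail:                                     /* every allocation is checked */
    for (size_t i = 0; i < n; i++) free(argv[i]);
    free(argv);
    free(copy);
    return NULL;
}

int main(void) {
    /* Single call point: unset or empty SULOGIN_ARGS yields the default argv. */
    char **argv = build_sulogin_argv(SULOGIN_PATH, getenv("SULOGIN_ARGS"));
    if (!argv) { perror("build_sulogin_argv"); return EXIT_FAILURE; }
    for (size_t i = 0; argv[i]; i++) printf("argv[%zu] = %s\n", i, argv[i]);
    free_argv(argv);  /* a real wrapper would fork and exec argv here instead */
    return EXIT_SUCCESS;
}
```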