Bug #342455 is still assigned to this committee; there seems to be a
consensus on the correct course of action, but there has as yet not been a
vote, nor a fix in the devmapper package.
The following draft resolution attempts to capture the consensus as I
understand it, so I'm throwing it out for consideration. Amendments are
welcome, whether improvements on the wording or substantive changes. In
particular, I'm not sure whether you all will think point 14. is appropriate
in the event that the resolution doesn't pass with a 3:1 majority. Also,
Raul suggested in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342455;msg=15 that policy
should also be amended to spell out the permissions for disk devices -- do
we need to include text here which addresses that directly?
I'd like to get started with this vote fairly soon, since AIUI Roger is
hoping that a fix for this issue can be included in the next stable point
release; so I hope you'll all forgive my delinquence in getting this draft
written up, and submit any amendments ASAP so that I can call for a vote on
it in the next couple of days.
(BTW, have people read Bastian's patches in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342455;msg=129? While
they are a very encouraging development, if you look them over you'll see
that Bastian has still implemented root:root 0600 as the default permissions
for lvm2 -- so there is still an unresolved technical dispute here, not just
an issue of time management...)
WHEREAS
1. It is a limitation of the current device-mapper implementation in Debian
that all device nodes managed by libdevmapper are created with the same
hard-coded ownership and permissions; and
2. The standard owning group for disk device nodes is group disk; and
3. The sole reason for the existence of this group on Debian systems is
to control access to disk devices; and
4. The majority of device-mapper nodes expose data that is already
available to members of the disk group via the component disks; and
5. The use of a different owning group in these cases therefore makes
accessing the data more inconvenient but not more secure; and
6. The exception to the above is dm-crypt, whereby device-mapper nodes
expose data that is not available in unencrypted form from the
component disks; and
7. No single owning group satisfies all possible use cases for
device-mapper; but
8. Users of dm-crypt have the option of not adding users to the disk
group that they do not wish to have access to their unencrypted
dm-crypt volumes;
THE TECHNICAL COMMITTEE:
9. THANKS Bastian Blank for his continued maintenance of the devmapper
package in Debian; and
10. ALSO THANKS Roger Leigh for bringing this issue before the
committee; and
11. ENCOURAGES the devmapper maintainer to work towards support for
configurable device-mapper device permissions in Debian; and
12. DETERMINES that the correct default permissions for all device-mapper
nodes is root:disk 0660, with or without support for configurable device
permissions; and
13. ASKS (with a 3:1 majority: REQUIRES) the devmapper maintainer to
implement these permissions in unstable by applying Roger Leigh's
patch from
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329409;msg=87;att=0;
and
14. AUTHORIZES Roger to implement these same permissions in stable via a
non-maintainer upload.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
