Bug#688080: unblock: tomoyo-tools/2.5.0-2012-0414-10

To: Hideki Yamane <henrich@debian.or.jp>
Cc: 688080@bugs.debian.org
Subject: Bug#688080: unblock: tomoyo-tools/2.5.0-2012-0414-10
From: intrigeri <intrigeri@debian.org>
Date: Sat, 10 Nov 2012 15:50:03 +0100
Message-id: <[🔎] 85k3tt342s.fsf@boum.org>
Reply-to: intrigeri <intrigeri@debian.org>, 688080@bugs.debian.org
In-reply-to: <20121017050334.18c12798cf73950bf507fea9@debian.or.jp> (Hideki Yamane's message of "Wed, 17 Oct 2012 05:03:34 +0900")
References: <20120919144305.e8f568f189d4dd394c66edf2@debian.or.jp> <3b8d6da3f62cb3a8a09029b6d304773f@mail.adsl.funky-badger.org> <20121017050334.18c12798cf73950bf507fea9@debian.or.jp>

Hi,

(disclaimer: I'm not a member of the release team.)

Hideki Yamane wrote (16 Oct 2012 20:03:34 GMT) :
> On Fri, 12 Oct 2012 23:45:14 +0100
> "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
>> > +To enable Tomoyo as the MAC security, please specify parameter to
>> > the kernel.
>> > +By default, it will be done by package.
>> 
>> That doesn't appear to be accurate, given:
>> 
>> > +Template: tomoyo-tools/grub
>> > +Type: boolean
>> > +Default: false
>> > +_Description: Enable TOMOYO Linux at boot time?

>  Well, users just answer "yes" with debconf, I mean.

I believe that Adam means that in the "By default, it will be done by
package" sentence introduced by the proposed change, the *By default*
part is not matched by the actual implementation. After a glance at
the diff, I can only concur: doing something by default is quite
different from doing it iff. the user chooses a non-default answer to
a medium-priority debconf question.

Anyhow, the current implementation looks incomplete and quite fragile
to me:

> +            if [ $RET = true ]; then
> +                sed -e s/^GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"security=tomoyo\"/ \
> +                -i /etc/default/grub && update-grub
> +            elif [ $RET = false ]; then
> +                sed -e s/^GRUB_CMDLINE_LINUX=\"security=tomoyo\"/^GRUB_CMDLINE_LINUX=\"\"/ \
> +                -i /etc/default/grub && update-grub
> +            fi

Unless I'm mistaken, this code:

 * basically assumes it's the only one to manage GRUB_CMDLINE_LINUX,
   which is untrue: grub-pc maintainer scripts manage
   /etc/default/grub with ucf
 * assumes GRUB_CMDLINE_LINUX is initially empty, which may not be the
   case
 * does not support removing security=tomoyo in case other settings
   where added by the administrator (same in tomoyo-tools.postrm)

(FTR, this kind of difficulties are why I did not introduce a similar
semi-automatic enabling feature in the AppArmor package yet.)

I think bugs should be filed against the version in unstable to track
this issues.

Once they are fixed, then an additional issue will arise: the code
should also make sure only one security= parameter is passed to Linux.

Therefore, I don't think the proposed update is suitable for testing
at this time of the Wheezy release process. I recommend the release
team rejects this request.

Anyway, it would be awesome if the code and comments were fixed in
unstable at some point. Unfortunately, I guess that will be too late
for Wheezy.

>  Users should check package's README.Debian and modify
>  /etc/default/grub and run update-grub by hand if it's not
>  introduced this change. For better user friendly package, I want it
>  put to Wheezy.

I appreciate your concern about usability.

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Reply to:

Prev by Date: Bug#691098: marked as done (unblock: mumble/1.2.3-349-g315b5f5-2.1 [pre-approval request])
Next by Date: Bug#690281: unblock: file-mmagic/1.29-1
Previous by thread: Bug#691098: marked as done (unblock: mumble/1.2.3-349-g315b5f5-2.1 [pre-approval request])
Next by thread: Bug#690075: unblock: dnsmasq/2.63-4
Index(es):
- Date
- Thread