* [Buildroot] [PATCH] package/systemd: reenable utmp support
@ 2023-01-17 20:56 Casey Reeves
2023-01-17 23:47 ` Norbert Lange
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
0 siblings, 2 replies; 4+ messages in thread
From: Casey Reeves @ 2023-01-17 20:56 UTC (permalink / raw)
To: buildroot; +Cc: Norbert Lange, Sen Hastings, Yann E. MORIN
This patch re-enables utmp support. This was originally disabled as it
showed information about other users on the system, but this information
can be found in other ways by a snoopy user (ps, journalctl, loginctl,
top)...
More importantly, this behaviour causes tools like uptime and
who to falsely state 0 users are logged in. Revert it to fix those
applications, as it can be very confusing and is not improving security.
See commit 32f53bdfb482d0d78308e548c654898089b5c183.
Signed-off-by: Casey Reeves <casey@xogium.me>
---
package/systemd/systemd.mk | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b96873b73f..92b80dcf6e 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
-Dtelinit-path= \
-Dtests=false \
-Dtmpfiles=true \
- -Dumount-path=/usr/bin/umount \
- -Dutmp=false
+ -Dumount-path=/usr/bin/umount
SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
ifeq ($(BR2_OPTIMIZE_FAST),y)
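Review bot: dropping `-Dutmp=false` without adding `-Dutmp=true` makes the outcome depend on systemd's meson default for `utmp` rather than on anything Buildroot states, which is fragile if upstream ever changes that default. Since this deliberately re-enables a feature that was disabled on purpose (commit 32f53bdfb482d0d78308e548c654898089b5c183 is cited for it), either set `-Dutmp=true` explicitly or, better, gate it behind a Config.in option so the existing disabled default is preserved and the trade-off is documented in the help text where users make the choice.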
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH] package/systemd: reenable utmp support
2023-01-17 20:56 [Buildroot] [PATCH] package/systemd: reenable utmp support Casey Reeves
@ 2023-01-17 23:47 ` Norbert Lange
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
1 sibling, 0 replies; 4+ messages in thread
From: Norbert Lange @ 2023-01-17 23:47 UTC (permalink / raw)
To: Casey Reeves; +Cc: Sen Hastings, Yann E. MORIN, buildroot
On Tue, 17 Jan 2023, 21:57 Casey Reeves, <casey@xogium.me> wrote:
> This patch re-enables utmp support. This was originally disabled as it
> showed information about other users on the system, but this information
> can be found in other ways by a snoopy user (ps, journalctl, loginctl,
> top)...
>
The smart thing to do would be to use those other ways - because they are
more secure and don't have assumptions that don't hold nowadays (containers
and other isolation methods).
> More importantly, this behaviour causes tools like uptime and
> who to falsely state 0 users are logged in. Revert it to fix those
> applications, as it can be very confusing and is not improving
> security.
>
That's kinda like saying running a webserver on win95 is not a security
risk, because I can run a webserver on Linux too. The problem is not what,
but how.
The gist of the issue is that you require multiple programs to
read-modify-write a single file; this is opening race conditions, permission
problems and those security risks.
Buildroot is not an everything-and-the-kitchen-sink distro; for comparison,
alpine has stubs that redirect /run/utmp to /dev/null, basically because
you can't solve this in a good way without a daemon [1].
Maybe it would be sound to add symlinks to /dev/null, mimicking alpine, so
uptime should work.
Other than that, bringing in utmps first, and making -Dutmp
configurable/optional would be better. There is not much use for utmp, and
I would object to enabling it unconditionally.
[1] - https://wiki.musl-libc.org/faq.html#Q:_Why_is_the_utmp/wtmp_functionality_only_implemented_as_stubs
> See commit 32f53bdfb482d0d78308e548c654898089b5c183.
>
> Signed-off-by: Casey Reeves <casey@xogium.me>
> ---
> package/systemd/systemd.mk | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b96873b73f..92b80dcf6e 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
> -Dtelinit-path= \
> -Dtests=false \
> -Dtmpfiles=true \
> - -Dumount-path=/usr/bin/umount \
> - -Dutmp=false
> + -Dumount-path=/usr/bin/umount
>
> SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
> ifeq ($(BR2_OPTIMIZE_FAST),y)
> --
> 2.39.0
>
Norbert
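The disagreement above is about what `/run/utmp` holds and who writes it. As an added example, not code from the thread, from Buildroot or from systemd, the following Python script decodes a utmp(5) image the way `who` does and reports the live sessions. It assumes the glibc x86_64 layout of `struct utmp` (384-byte records with 32-bit `ut_session`/`ut_tv` fields); other ABIs differ, and on musl, which Norbert's link covers, the libc functions are stubs, so nothing writes the file at all. The sample image is constructed inline (user `alice`, host `192.0.2.10`, pids and timestamps are made up). It shows both sides of the argument: a populated file reveals each session's user, terminal, origin host and login time to anyone who can read it, while an empty or absent file, which is what `-Dutmp=false` leaves behind, yields the "0 users logged in" count that the patch description complains about.

```python
"""Decode a utmp(5) image and list the sessions `who`/`uptime` would count.

Added example for this thread; not code from Buildroot, systemd or the
thread's authors. Assumes the glibc x86_64 `struct utmp` layout (384-byte
records with 32-bit ut_session/ut_tv). Other ABIs differ and musl ships
only stub utmp functions, so compare UTMP_SIZE with your toolchain's
sizeof(struct utmp) before pointing this at a real /run/utmp.
"""
import struct
from typing import Dict, List

# Assumed glibc x86_64 `struct utmp` (see bits/utmp.h):
#   short ut_type; 2-byte pad; pid_t ut_pid; char ut_line[32]; char ut_id[4];
#   char ut_user[32]; char ut_host[256]; struct exit_status ut_exit (2 shorts);
#   int32 ut_session; int32 tv_sec, tv_usec; int32 ut_addr_v6[4]; 20 reserved
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384 bytes per record

# ut_type values from <utmp.h>
EMPTY, BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 0, 2, 7, 8


def _cstr(raw: bytes) -> str:
    """Fixed-width field -> str; utmp fields need not be NUL-terminated."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data: bytes) -> List[Dict]:
    """Decode every fixed-size record in a utmp/wtmp image into plain dicts."""
    if len(data) % UTMP_SIZE:
        raise ValueError(f"image length {len(data)} is not a multiple of {UTMP_SIZE}")
    records = []
    for off in range(0, len(data), UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        records.append({
            "type": f[0], "pid": f[1], "line": _cstr(f[2]), "id": _cstr(f[3]),
            "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9],
        })
    return records


def logged_in(records: List[Dict]) -> List[Dict]:
    """Sessions `who` reports: live USER_PROCESS entries that carry a user name."""
    return [r for r in records if r["type"] == USER_PROCESS and r["user"]]


def make_record(ut_type: int, pid: int, line: str, ident: str,
                user: str, host: str, tv_sec: int) -> bytes:
    """Encode one record in the same layout; used here only to build sample input."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), ident.encode(),
                       user.encode(), host.encode(),
                       0, 0,          # ut_exit.e_termination, ut_exit.e_exit
                       0,             # ut_session
                       tv_sec, 0,     # ut_tv.tv_sec, ut_tv.tv_usec
                       0, 0, 0, 0)    # ut_addr_v6


# Constructed sample image (not captured from a real system): a boot marker,
# one live SSH login and one session that has already ended.
SAMPLE_UTMP = b"".join([
    make_record(BOOT_TIME, 0, "~", "~~", "reboot", "", 1673990000),
    make_record(USER_PROCESS, 1234, "pts/0", "ts/0", "alice", "192.0.2.10", 1673990400),
    make_record(DEAD_PROCESS, 1200, "tty1", "tty1", "", "", 1673990300),
])


def report(data: bytes) -> str:
    """One line per live session, then the count `uptime` would print."""
    live = logged_in(parse_utmp(data))
    lines = [f"{r['user']:<12} {r['line']:<8} {r['host']}" for r in live]
    lines.append(f"{len(live)} user(s) logged in")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_UTMP))  # alice on pts/0 from 192.0.2.10, 1 user
    print(report(b""))          # what `who` sees with utmp disabled: 0 users
```

Note that the dead-process record still carries the terminal name and a timestamp even though `who` no longer lists it: a utmp image leaks more than its live entries, which is why a world-readable shared file written by several programs is a weaker design than querying the session manager directly, as the reply above argues.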
* [Buildroot] [PATCH v2] package/systemd: reenable utmp support
2023-01-17 20:56 [Buildroot] [PATCH] package/systemd: reenable utmp support Casey Reeves
2023-01-17 23:47 ` Norbert Lange
@ 2023-01-18 19:49 ` Casey Reeves
2023-01-21 18:07 ` Yann E. MORIN
1 sibling, 1 reply; 4+ messages in thread
From: Casey Reeves @ 2023-01-18 19:49 UTC (permalink / raw)
To: buildroot; +Cc: Norbert Lange, Yann E. MORIN, Sen Hastings
This patch provides a way to enable utmp support when using systemd,
with it disabled by default, as some security concerns may apply. Still,
there are cases where having utmp is desirable, even though it is rare,
so let's make this configurable.
See commit 32f53bdfb482d0d78308e548c654898089b5c183.
Signed-off-by: Casey Reeves <casey@xogium.me>
---
Changes v1 -> v2:
- Make this a configurable option rather than hardcode it to forcefully
disabled or enabled
---
package/systemd/Config.in | 16 ++++++++++++++++
package/systemd/systemd.mk | 9 +++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/package/systemd/Config.in b/package/systemd/Config.in
index 45a9e2d644..daa72b65b1 100644
--- a/package/systemd/Config.in
+++ b/package/systemd/Config.in
@@ -518,6 +518,22 @@ config BR2_PACKAGE_SYSTEMD_USERDB
https://www.freedesktop.org/software/systemd/man/systemd-userdbd.service.html

+config BR2_PACKAGE_SYSTEMD_UTMP
+ bool "enable utmp support"
+ help
+ When this feature is selected, systemd will manage the
+ support of utmp.
+
+ Utmp keeps track of what users do on the system (where they
+ logged from, on which terminal, ...) along with a general
+ status of the system (list of reboots, current uptime, current
+ number of users logged in).
+
+ You should only enable this if your system requires actual
+ users to log in.
+
+ https://man7.org/linux/man-pages/man5/utmp.5.html
+
config BR2_PACKAGE_SYSTEMD_VCONSOLE
bool "enable vconsole tool"
default y
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b96873b73f..f191542866 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
-Dtelinit-path= \
-Dtests=false \
-Dtmpfiles=true \
- -Dumount-path=/usr/bin/umount \
- -Dutmp=false
+ -Dumount-path=/usr/bin/umount

SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
ifeq ($(BR2_OPTIMIZE_FAST),y)
@@ -331,6 +330,12 @@ else
SYSTEMD_CONF_OPTS += -Dbinfmt=false
endif

+ifeq ($(BR2_PACKAGE_SYSTEMD_UTMP),y)
+SYSTEMD_CONF_OPTS += -Dutmp=true
+else
+SYSTEMD_CONF_OPTS += -Dutmp=false
+endif
+
ifeq ($(BR2_PACKAGE_SYSTEMD_VCONSOLE),y)
SYSTEMD_CONF_OPTS += -Dvconsole=true
else
--
2.39.0
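Review bot: in the Config.in hunk the help text explains what utmp records but not why the option is off by default; the only rationale ("some security concerns may apply") lives in the commit log, which a user in `make menuconfig` never sees. Add a sentence naming the concern raised in review (several programs read-modify-write one shared file, and that file exposes which users are logged in, from where and on which terminal) so the trade-off is visible where the choice is made, and reword "manage the support of utmp" to "manage utmp support". The systemd.mk hunks need no change: the `else` branch of the new `ifeq ($(BR2_PACKAGE_SYSTEMD_UTMP),y)` block restores the `-Dutmp=false` removed from the static list, so the default build is unchanged and the block follows the surrounding `binfmt`/`vconsole` pattern.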
* Re: [Buildroot] [PATCH v2] package/systemd: reenable utmp support
2023-01-18 19:49 ` [Buildroot] [PATCH v2] " Casey Reeves
@ 2023-01-21 18:07 ` Yann E. MORIN
0 siblings, 0 replies; 4+ messages in thread
From: Yann E. MORIN @ 2023-01-21 18:07 UTC (permalink / raw)
To: Casey Reeves; +Cc: Norbert Lange, Sen Hastings, buildroot
Casey, All,
On 2023-01-18 20:49 +0100, Casey Reeves spake thusly:
> This patch provides a way to enable utmp support when using systemd,
> with it disabled by default, as some security concerns may apply. Still,
> there are cases where having utmp is desirable, even though it is rare,
> so let's make this configurable.
>
> See commit 32f53bdfb482d0d78308e548c654898089b5c183.
>
> Signed-off-by: Casey Reeves <casey@xogium.me>
I've extended the help text with the actual blurb from the systemd-utmp
manpage, and a reference to the upstream URL, like for the other
configurable items.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> Changes v1 -> v2:
> - Make this a configurable option rather than hardcode it to forcefully
> disabled or enabled
> ---
> package/systemd/Config.in | 16 ++++++++++++++++
> package/systemd/systemd.mk | 9 +++++++--
> 2 files changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/package/systemd/Config.in b/package/systemd/Config.in
> index 45a9e2d644..daa72b65b1 100644
> --- a/package/systemd/Config.in
> +++ b/package/systemd/Config.in
> @@ -518,6 +518,22 @@ config BR2_PACKAGE_SYSTEMD_USERDB
>
> https://www.freedesktop.org/software/systemd/man/systemd-userdbd.service.html
>
> +config BR2_PACKAGE_SYSTEMD_UTMP
> + bool "enable utmp support"
> + help
> + When this feature is selected, systemd will manage the
> + support of utmp.
> +
> + Utmp keeps track of what users do on the system (where they
> + logged from, on which terminal, ...) along with a general
> + status of the system (list of reboots, current uptime, current
> + number of users logged in).
> +
> + You should only enable this if your system requires actual
> + users to log in.
> +
> + https://man7.org/linux/man-pages/man5/utmp.5.html
> +
> config BR2_PACKAGE_SYSTEMD_VCONSOLE
> bool "enable vconsole tool"
> default y
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b96873b73f..f191542866 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -87,8 +87,7 @@ SYSTEMD_CONF_OPTS += \
> -Dtelinit-path= \
> -Dtests=false \
> -Dtmpfiles=true \
> - -Dumount-path=/usr/bin/umount \
> - -Dutmp=false
> + -Dumount-path=/usr/bin/umount
>
> SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
> ifeq ($(BR2_OPTIMIZE_FAST),y)
> @@ -331,6 +330,12 @@ else
> SYSTEMD_CONF_OPTS += -Dbinfmt=false
> endif
>
> +ifeq ($(BR2_PACKAGE_SYSTEMD_UTMP),y)
> +SYSTEMD_CONF_OPTS += -Dutmp=true
> +else
> +SYSTEMD_CONF_OPTS += -Dutmp=false
> +endif
> +
> ifeq ($(BR2_PACKAGE_SYSTEMD_VCONSOLE),y)
> SYSTEMD_CONF_OPTS += -Dvconsole=true
> else
> --
> 2.39.0
--
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded |     /"\ ASCII   | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer |     \ /  CAMPAIGN |  ___               |
| +33 561 099 427 `------------.-------:    X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL     |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'