git: 2c26d77d989a - main - Remove /boot/efi from mtree, missed in 0b7472b3d8d2.
Warner Losh
imp at bsdimp.com
Wed Mar 3 00:26:21 UTC 2021
On Tue, Mar 2, 2021 at 11:58 AM Nathan Whitehorn <nwhitehorn at freebsd.org>
wrote:
>
>
> On 3/2/21 1:56 PM, Rodney W. Grimes wrote:
> >>
> >> On Tue, Mar 2, 2021, at 12:26 PM, Rodney W. Grimes wrote:
> >>> This fails to apply the proper owner/group and mode values
> >>> using what ever defaults are in place of the process running
> >>> the build.
> >> Keep in mind that this is the root of a mounted filesystem in the case
> where it matters, and the filesystem being mounted there doesn't support
> proper modes anyway, so the mtree values are a bit irrelevant anyway as the
> actual control of that is in the fstab.
> > That assumes the mount is done and/or kept. My concern is more
> > of a lack security (aka world writable) /boot/efi getting created
> > in a distribution that then is *not* mounted for some reason,
> > either by choice or error.
> >
> > mkdir should be stricken from use when possible, install -d
> > should be used instead.
> >
>
> But that can't happen in this code. For one thing, it's only used in a
> controlled environment to generate SD-card images for a handful of ARM
> boards. For another the mount is set up and installed in fstab a couple
> lines further down the same script.
>
Removing this from mtree.root wasn't what was agreed upon. Please put it
back and fix it another way.
It needs to be in mtree.root because we need it for x86 automatic updating
code that's coming later.
Warner
More information about the dev-commits-src-main
mailing list