| 20 Feb 2023 |
@janne.hess:helsinki-systems.de | 🤔 | 09:06:56 |
@elvishjerricco:matrix.org | the big problem is, as evident by the linked PR, wrapper script | 09:07:05 |
@elvishjerricco:matrix.org | * the big problem is, as evident by the linked PR, wrapper scripts | 09:07:06 |
@janne.hess:helsinki-systems.de | Will investigate. Asking because we have a certain customer who is interested in this | 09:07:20 |
@janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org the big problem is, as evident by the linked PR, wrapper scripts A nixos test that takes the initrd and does find /nix/store -name bash -or -name irb -or -name … seems likely. If anyone really wants their bean shell in there, so be it | 09:08:01 |
@elvishjerricco:matrix.org | hm? My point was that e.g. if you want cryptsetup stuff or gzip stuff (vconsole), you need wrapper scripts via makeWrapper that just set environment variables before executing the real program | 09:09:24 |
@elvishjerricco:matrix.org | those scripts are almost universally bash in nixos | 09:09:47 |
@elvishjerricco:matrix.org | oh but I guess isn't there a C version of makeWrapper? | 09:10:06 |
K900 | I just don't get the threat model | 09:10:07 |
@janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org oh but I guess isn't there a C version of makeWrapper? makeBinaryWrapper | 09:10:12 |
@janne.hess:helsinki-systems.de | In reply to @k900:0upti.me I just don't get the threat model Neither do I, but it seems like an interesting challenge | 09:10:26 |
@elvishjerricco:matrix.org | I kind of get it | 09:10:42 |
@janne.hess:helsinki-systems.de | In reply to @janne.hess:helsinki-systems.de Neither do I, but it seems like an interesting challenge I also told them having AppArmor everywhere would get you to a more secure system, but who am I to judge | 09:11:03 |
@elvishjerricco:matrix.org | The more turing complete parameters you include, the greater the fuckups | 09:11:05 |
@elvishjerricco:matrix.org | but like the kernel already has turing complete shit with bpf or whatever it's called so you're already screwed | 09:11:37 |
@janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org but like the kernel already has turing complete shit with bpf or whatever it's called so you're already screwed Ah so you think they don't have a custom one with grsecurity? But yeah, it's hard to defend this measure | 09:12:31 |
@elvishjerricco:matrix.org | I mean I think it's an entirely reasonable thing to want | 09:12:55 |
@janne.hess:helsinki-systems.de | Will try when I find time, probably just need to use makeBinaryWrapper and rewrite my shitty bash code to shitty c code | 09:13:10 |
@elvishjerricco:matrix.org | I think it's ridiculous that the kernel allows turing complete logic from userspace | 09:13:11 |
@elvishjerricco:matrix.org | zfs made a more egregious version of this mistake by including a Lua interpreter in kernel space | 09:13:32 |
@elvishjerricco:matrix.org | like... please don't do that | 09:13:42 |
@janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org zfs made a more egregious version of this mistake by including a Lua interpreter in kernel space I mean … still better than a fully ruby env? | 09:13:59 |
@elvishjerricco:matrix.org | Oh no is there ruby in the kernel?? | 09:14:27 |
@janne.hess:helsinki-systems.de | No, that's the point. Rather have lua than ruby | 09:14:41 |
@elvishjerricco:matrix.org | ah lol fair enough | 09:14:50 |
@janne.hess:helsinki-systems.de | Or just go the way of anti-cheat on windows and open an unauthenticated pipe and execute whatever comes out of it 🎉 | 09:15:02 |
@janne.hess:helsinki-systems.de | * Or just go the way of anti-cheat on windows and open an unauthenticated pipe and execute whatever comes out of it in the kernel 🎉 | 09:15:11 |
@elvishjerricco:matrix.org | oof | 09:15:12 |
@elvishjerricco:matrix.org | The trusted boot crowd has a lot of ambition around separating root from kernel so that even root can't ruin trusted boot. I think this falls in an adjacent category; initrd shouldn't be capable of undermining system security by allowing arbitrary logic encoded at runtime | 09:17:14 |
@elvishjerricco:matrix.org | It's.... probably not actually all that helpful | 09:17:42 |