Planet Debian

My work on overhauling dhcpcd as the prime replacement for ISC's discontinued DHCP client is done. The package has achieved stability, both upstream and at Debian. The only remaining points are bug #1038882 to swap the Priorities of isc-dhcp-client and dhcpcd-base in the repository's override, and swaping ifupdown's search order to put dhcpcd first.

Meanwhile, ifupdown's de-facto maintainer prompted me to sollicit opinions on which of the 4 ifupdown implementations should ship with a minimal installation for Trixie. This, in turn, re-opened the debate of what should be Debian's default network configuation framework (see the thread starting with this post).

networkd

Given how most Debian ports (except for Hurd) ship with systemd, which includes a disabled networkd by standard, many people in the thread feel that this should become the default network configuration tool for minimal installations. As it happens, most of my hosts fit that scenario, so I figured that I would give another go at testing networkd on one host.

I used the following minimalistic /etc/systemd/network/dhcp.network:

[Match] Name=en* wl* [Network] DHCP=yes

This correctly configured IPv4 via DHCP, with the small caveat that it doesn't update /etc/resolv.conf without installing resolvconf or systemd-resolved.

However, networkd's default IPv6 settings really are not suitable for public consumption. The key issues (see Bug #1076432):

1. Temporary addresses are not enabled by default. Worse, the setting is ignored if it was enabled by sysctl during bootup. This is a major privacy issue. Adding IPv6PrivacyExtensions=yes to the above exposed another issue: instead of using the fe80 address generated by the kernel, networkd adds a new one.
2. Networkd uses EUI64 addresses by default. This is another major privacy issue, since EUI64 addresses are forensically traceable to the interface's MAC address. Worse, the setting is ignored if stable-privacy was enabled by sysctl during bootup. To top it all, networkd does stable-privacy using systemd's time-proven brain-dead approach of reinventing the wheel: instead of merely setting the kernel's address generation mode to 3 and letting it configure the secret address, it expects the secret address to be spelled out in the systemd unit.

Conclusion: networkd works well enough for someone configuring an IPv4-only network from 20 years ago, but is utterly inadequate for IPv6 or dual-stack installations, doubly so on a software distribution that claims to care about privacy and network security.

Here comes the 3rd article of the 5-episode blog post series on Polis, written by Guido Berhörster, member of staff at my company Fre(i)e Software GmbH.

Enjoy also this read on Guido's work on Polis,
Mike

Table of Contents of the Blog Post Series

1. Introduction
2. Initial evaluation and adaptation
3. Issues extending Polis and adjusting our goals (this article)
4. Creating (a) new frontend(s) for Polis
5. Current status and roadmap

Polis - Issues extending Polis and adjusting our Goals

After the initial implementation of limited branding support, user feedback and the involvement of an UX designer lead to the conclusion that we needed more far-reaching changes to the user interface in order to reduce visual clutter, rearrange and improve UI elements, and provide better integration with the websites in which conversations are embedded.

Challenges when visualizing Data in Polis

Polis visualizes groups using a spatial projection of users based on similarities in voting behavior and places them in two to five groups using a clustering algorithm. During our testing and evaluation users were rarely able to interpret the visualization and often intuitively made incorrect assumptions e.g. by associating the filled area of a group with its significance or size. After consultation with a member of the Multi-Agent Systems (MAS) Group at the University of Groningen we chose to temporarily replace the visualization offered by Polis with simple bar charts representing agreement or disagreement with statements of a group or the majority. We intend to revisit this and explore different forms of visualization at a later point in time.

The different factors playing into the weight attached to statements which determine the pseuodo-random order in which they are presented for voting (“comment routing”) proved difficult to explain to stakeholders and users and the admission of the ad-hoc and heuristic nature of the used algorithm1 by Polis’ authors lead to the decision to temporarily remove this feature. Instead, statements should be placed into three groups, namely

1. metadata questions,
2. seed statements,
3. and participant statements

Statements should then be sorted by group but in a fully randomized order within the group so that metadata questions would be presented before seed statements which would be presented before participant’s statements. This simpler method was deemed sufficient for the scale of our pilot projects, however we intend to revisit this decision and explore different methods of “comment routing” in cooperation with our scientific partners at a later point in time.

An evaluation of the requirements for implementing mandatory authentication and adding support for additional authentication methods to Polis showed that significant changes to both the administration and participation frontend were needed due to a lack of an abstraction layer or extension mechanism and the current authentication providers being hardcoded in many parts of the code base.

A New Frontend is born: Particiapp

Based on the implementation details of the participation frontend, the invasive nature of the changes required, and the overhead of keeping up with active upstream development it became clear that a different, more flexible approach to development was needed. This ultimately lead to the creation of Particiapp, a new Open Source project providing the building blocks and necessary abstraction layers for rapid protoyping and experimentation with different fontends which are compatible with but independent from Polis.

1. Small, Christopher T., Bjorkegren, Michael, Erkkilä, Timo, Shaw, Lynette and Megill, Colin (2021). Polis: Scaling deliberation by mapping high dimensional opinion spaces. Recerca. Revista de Pensament i Anàlisi, 26(2), pp. 1-26. ↩

The recent issue of Windows security software killing computers has reminded me about the issue of management software for Dell systems. I wrote policy for the Dell management programs that extract information from iDRAC and store it in Linux. After the break I’ve pasted in the policy. It probably needs some changes for recent software, it was last tested on a PowerEdge T320 and prior to that was used on a PowerEdge R710 both of which are old hardware and use different management software to the recent hardware. One would hope that the recent software would be much better but usually such hope is in vain. I deliberately haven’t submitted this for inclusion in the reference policy because it’s for proprietary software and also it permits many operations that we would prefer not to permit.

The policy is after the break because it’s larger than you want on a Planet feed. But first I’ll give a few selected lines that are bad in a noteworthy way:

1. sys_admin means the ability to break everything
2. dac_override means break Unix permissions
3. mknod means a daemon creates devices due to a lack of udev configuration
4. sys_rawio means someone didn’t feel like writing a device driver, maintaining a device driver for DKMS is hard and getting a driver accepted upstream requires writing quality code, in any case this is a bad sign.
5. self:lockdown is being phased out, but used to mean bypassing some integrity protections, that would usually be related to sys_rawio or similar.
6. dev_rx_raw_memory is bad, reading raw memory allows access to pretty much everything and execute of raw memory is something I can’t imagine a good use for, the Reference Policy doesn’t use this anywhere!
7. dev_rw_generic_chr_files usually means a lack of udev configuration as udev should do that.
8. storage_raw_write_fixed_disk shouldn’t be needed for this sort of thing, it doesn’t do anything that involves managing partitions.

Now without network access or other obvious ways of remote control this level of access while excessive isn’t necessarily going to allow bad things to happen due to outside attack. But if there are bugs in the software there’s nothing to stop it from giving the worst results.

allow dell_datamgrd_t self:capability { dac_override dac_read_search mknod sys_rawio sys_admin }; allow dell_datamgrd_t self:lockdown integrity; dev_rx_raw_memory(dell_datamgrd_t) dev_rw_generic_chr_files(dell_datamgrd_t) dev_rw_ipmi_dev(dell_datamgrd_t) dev_rw_sysfs(dell_datamgrd_t) storage_raw_read_fixed_disk(dell_datamgrd_t) storage_raw_write_fixed_disk(dell_datamgrd_t) allow dellsrvadmin_t self:lockdown integrity; allow dellsrvadmin_t self:capability { sys_admin sys_rawio }; dev_read_raw_memory(dellsrvadmin_t) dev_rw_sysfs(dellsrvadmin_t) dev_rx_raw_memory(dellsrvadmin_t)

The best thing that Dell could do for their customers is to make this free software and allow the community to fix some of these issues.

Here is dellsrvadmin.te:

policy_module(dellsrvadmin,1.0.0) require {   type dmidecode_exec_t;   type udev_t;   type device_t;   type event_device_t;   type mon_local_test_t; } type dellsrvadmin_t; type dellsrvadmin_exec_t; init_daemon_domain(dellsrvadmin_t, dellsrvadmin_exec_t) type dell_datamgrd_t; type dell_datamgrd_exec_t; init_daemon_domain(dell_datamgrd_t, dell_datamgrd_t) type dellsrvadmin_var_t; files_type(dellsrvadmin_var_t) domain_transition_pattern(udev_t, dellsrvadmin_exec_t, dellsrvadmin_t) modutils_domtrans(dellsrvadmin_t) allow dell_datamgrd_t device_t:dir rw_dir_perms; allow dell_datamgrd_t device_t:chr_file create; allow dell_datamgrd_t event_device_t:chr_file { read write }; allow dell_datamgrd_t self:process signal; allow dell_datamgrd_t self:fifo_file rw_file_perms; allow dell_datamgrd_t self:sem create_sem_perms; allow dell_datamgrd_t self:capability { dac_override dac_read_search mknod sys_rawio sys_admin }; allow dell_datamgrd_t self:lockdown integrity; allow dell_datamgrd_t self:unix_dgram_socket create_socket_perms; allow dell_datamgrd_t self:netlink_route_socket r_netlink_socket_perms; modutils_domtrans(dell_datamgrd_t) can_exec(dell_datamgrd_t, dmidecode_exec_t) allow dell_datamgrd_t dellsrvadmin_var_t:dir rw_dir_perms; allow dell_datamgrd_t dellsrvadmin_var_t:file manage_file_perms; allow dell_datamgrd_t dellsrvadmin_var_t:lnk_file read; allow dell_datamgrd_t dellsrvadmin_var_t:sock_file manage_file_perms; kernel_read_network_state(dell_datamgrd_t) kernel_read_system_state(dell_datamgrd_t) kernel_search_fs_sysctls(dell_datamgrd_t) kernel_read_vm_overcommit_sysctl(dell_datamgrd_t) # for /proc/bus/pci/* kernel_write_proc_files(dell_datamgrd_t) corecmd_exec_bin(dell_datamgrd_t) corecmd_exec_shell(dell_datamgrd_t) corecmd_shell_entry_type(dell_datamgrd_t) dev_rx_raw_memory(dell_datamgrd_t) dev_rw_generic_chr_files(dell_datamgrd_t) dev_rw_ipmi_dev(dell_datamgrd_t) dev_rw_sysfs(dell_datamgrd_t) files_search_tmp(dell_datamgrd_t) files_read_etc_files(dell_datamgrd_t) files_read_etc_symlinks(dell_datamgrd_t) files_read_usr_files(dell_datamgrd_t) logging_search_logs(dell_datamgrd_t) miscfiles_read_localization(dell_datamgrd_t) storage_raw_read_fixed_disk(dell_datamgrd_t) storage_raw_write_fixed_disk(dell_datamgrd_t) can_exec(mon_local_test_t, dellsrvadmin_exec_t) allow mon_local_test_t dellsrvadmin_var_t:dir search; allow mon_local_test_t dellsrvadmin_var_t:file read_file_perms; allow mon_local_test_t dellsrvadmin_var_t:file setattr; allow mon_local_test_t dellsrvadmin_var_t:sock_file write; allow mon_local_test_t dell_datamgrd_t:unix_stream_socket connectto; allow mon_local_test_t self:sem { create read write destroy unix_write }; allow dellsrvadmin_t self:process signal; allow dellsrvadmin_t self:lockdown integrity; allow dellsrvadmin_t self:sem create_sem_perms; allow dellsrvadmin_t self:fifo_file rw_file_perms; allow dellsrvadmin_t self:packet_socket create; allow dellsrvadmin_t self:unix_stream_socket { connectto create_stream_socket_perms }; allow dellsrvadmin_t self:capability { sys_admin sys_rawio }; dev_read_raw_memory(dellsrvadmin_t) dev_rw_sysfs(dellsrvadmin_t) dev_rx_raw_memory(dellsrvadmin_t) allow dellsrvadmin_t dellsrvadmin_var_t:dir rw_dir_perms; allow dellsrvadmin_t dellsrvadmin_var_t:file manage_file_perms; allow dellsrvadmin_t dellsrvadmin_var_t:lnk_file read; allow dellsrvadmin_t dellsrvadmin_var_t:sock_file write; allow dellsrvadmin_t dell_datamgrd_t:unix_stream_socket connectto; kernel_read_network_state(dellsrvadmin_t) kernel_read_system_state(dellsrvadmin_t) kernel_search_fs_sysctls(dellsrvadmin_t) kernel_read_vm_overcommit_sysctl(dellsrvadmin_t) corecmd_exec_bin(dellsrvadmin_t) corecmd_exec_shell(dellsrvadmin_t) corecmd_shell_entry_type(dellsrvadmin_t) files_read_etc_files(dellsrvadmin_t) files_read_etc_symlinks(dellsrvadmin_t) files_read_usr_files(dellsrvadmin_t) logging_search_logs(dellsrvadmin_t) miscfiles_read_localization(dellsrvadmin_t)

Here is dellsrvadmin.fc:

/opt/dell/srvadmin/sbin/.*        --        gen_context(system_u:object_r:dellsrvadmin_exec_t,s0) /opt/dell/srvadmin/sbin/dsm_sa_datamgrd        --        gen_context(system_u:object_r:dell_datamgrd_t,s0) /opt/dell/srvadmin/bin/.*        --        gen_context(system_u:object_r:dellsrvadmin_exec_t,s0) /opt/dell/srvadmin/var(/.*)?                        gen_context(system_u:object_r:dellsrvadmin_var_t,s0) /opt/dell/srvadmin/etc/srvadmin-isvc/ini(/.*)?        gen_context(system_u:object_r:dellsrvadmin_var_t,s0)

Related posts:

1. creating a new SE Linux policy module Creating a simple SE Linux policy module is not difficult....
2. Debian SE Linux policy bug checkmodule -m -o local.mod local.te semodule_package -o local.pp -m local.mod...
3. New SE Linux Policy for Squeeze I have just uploaded refpolicy version 0.2.20100524-1 to Unstable. This...

Leonardo and I are happy to announce the release of another maintenance release 0.1.3 of our dtts package which has been on CRAN for a good two years now.

dtts builds upon our nanotime package as well as the beloved data.table to bring high-performance and high-resolution indexing at the nanosecond level to data frames. dtts aims to offers the time-series indexing versatility of xts (and zoo) to the immense power of data.table while supporting highest nanosecond resolution.

This release contains two nice and focussed contributed pull requests. Tomas Kalibera, who as part of R Core looks after everything concerning R on Windows, and then some, needed an adjustment for pending / upcoming R on Windows changes for builds with LLVM which is what Arm-on-Windows uses. We happily obliged: neither Leonardo nor I see much of Windows these decades. (Easy thing to say on a day like today with its crowdstrike hammer falling!) Similarly, Michael Chirico supplied a PR updating one of our tests to an upcoming change at data.table which we are of course happy to support.

The short list of changes follows.

Changes in version 0.1.3 (2024-07-18)

• Windows builds use localtime_s with LLVM (Tomas Kalibera in #16)

• Tests code has been adjusted for an upstream change in data.table tests for all.equal (Michael Chirico in #18 addressing #17)

Courtesy of my CRANberries, there is also a report with diffstat for this release. Questions, comments, issue tickets can be brought to the GitHub repo. If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

The following contributors got their Debian Developer accounts in the last two months:

• Dennis van Dok (dvandok)
• Peter Wienemann (wiene)
• Quentin Lejard (valde)
• Sven Geuer (sge)
• Taavi Väänänen (taavi)
• Hilmar Preusse (hille42)
• Matthias Geiger (werdahias)
• Yogeswaran Umasankar (yogu)

The following contributors were added as Debian Maintainers in the last two months:

• Bernhard Miklautz
• Felix Moessbauer
• Maytham Alsudany
• Aquila Macedo
• David Lamparter
• Tim Theisen
• Stefano Brivio
• Shengqi Chen

Congratulations!