Systemd decides of its own accord (that is, the distro cannot tell systemd not to do this) to mount a dangerous filesystem read-write by default.
"Solutions" provided by systemd developers:
"Well, there are tools that actually want to write it. We also expose
/dev/sda accessible for root, even though it can be used to hose your system."
We make sda writeable, yes. But it's much more difficult and unlikely that one would write a script that opens and overwrites random block files to destroy hard drive data than it is that one could unintentionally unlink random files, in this case resulting in the destruction of hardware.
-
"I don't see that particular behaviour as much of a problem. The problem
is that buggy systems can be bricked; it could just as easily happen
because of, say, a bug in gummiboot or refind."
So since other software can also brick the hardware, systemd's behavior does not need to be fixed. Got it.
-
"So all fixes mentioned here can only protect from accidental deletion -
not malicious intent."
So because someone could intentionally brick some hardware by being malicious, it's pointless to prevent someone from accidentally bricking their hardware. Got it.
-
"As long as distributions that are aimed at consumers remount it ro and
on updating kernels wrap grub with remount this is a complete non-issue."
"If anyone needs protection from idiocy, mount it as ro in /etc/fstab."
So by default, every distribution in the world - and a bootloader - needs a workaround for your software's dangerous behavior. Got it.
-
"To make this very clear: we actually write to the EFI fs in systemd.
Specifically, when you issue "systemctl reboot --firmware" we'll set the
appropriate EFI variable, to ask for booting into the EFI firmware setup.
And because we need it writable we'll mount it writable for that."
One of the commenters (devs?) mentioned that systemd could mount it read-write, apply this change, and mount it read-only again, which would work around the danger we've been talking about. But from this final comment it seems like you (poettering) basically don't care about the problem.
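An added check for the two workarounds argued over above (the `ro` line in `/etc/fstab`, and remounting read-write only for the moment a variable has to be written). This is example code written for this page, not code from the thread, from systemd, or from any commenter; it assumes the "EFI fs" under discussion is efivarfs mounted at /sys/firmware/efi/efivars, and the mount-table text it is tested against is constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example for this page; not code from the thread or from systemd.
# Assumption: the "EFI fs" the thread argues about is efivarfs, mounted at
# /sys/firmware/efi/efivars. Files there are NVRAM variables, so a read-write
# mount lets an accidental unlink destroy firmware state.

EFIVARS=/sys/firmware/efi/efivars

# Constructed samples in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS_RW='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 / ext4 rw,relatime 0 0'

SAMPLE_MOUNTS_RO='efivarfs /sys/firmware/efi/efivars efivarfs ro,nosuid,nodev,noexec,relatime 0 0'

# efivarfs_mode TABLE: given mount-table text, print "rw", "ro" or "absent"
# for the efivarfs entry. Pass "$(cat /proc/mounts)" to audit the live host.
efivarfs_mode() {
    printf '%s\n' "$1" | awk '
        $3 == "efivarfs" {
            # field 4 is a comma-separated option list; look for an exact "ro"
            opts = "," $4 ","
            if (index(opts, ",ro,")) print "ro"; else print "rw"
            found = 1
            exit
        }
        END { if (!found) print "absent" }'
}

# fstab line implementing the "mount it as ro in /etc/fstab" workaround.
efivarfs_ro_fstab_line() {
    printf 'efivarfs %s efivarfs ro,nosuid,nodev,noexec 0 0\n' "$EFIVARS"
}

# with_efivarfs_rw CMD...: sketch of the remount-write-remount approach a
# commenter proposed. The mount is rw only while CMD runs and is flipped
# back even if CMD fails. Needs root and a real efivarfs, so nothing below
# calls it automatically.
with_efivarfs_rw() {
    mount -o remount,rw "$EFIVARS" || return 1
    "$@"
    rc=$?
    mount -o remount,ro "$EFIVARS"
    return "$rc"
}

main() {
    # self-check against the constructed tables
    [ "$(efivarfs_mode "$SAMPLE_MOUNTS_RW")" = rw ] || { echo "self-check failed" >&2; exit 1; }
    [ "$(efivarfs_mode "$SAMPLE_MOUNTS_RO")" = ro ] || { echo "self-check failed" >&2; exit 1; }
    # then report on the live host, if it exposes a mount table
    if [ -r /proc/mounts ]; then
        case "$(efivarfs_mode "$(cat /proc/mounts)")" in
            rw)     echo "WARNING: efivarfs is mounted read-write; suggested fstab line:"
                    efivarfs_ro_fstab_line ;;
            ro)     echo "efivarfs is mounted read-only" ;;
            absent) echo "no efivarfs mount (BIOS boot, or not mounted)" ;;
        esac
    fi
}

main "$@"
```

The fstab line only guards against accidents: root can always `mount -o remount,rw` it, which is the point the "not malicious intent" quote above makes. What the read-only default buys is that a stray `rm -rf` or a buggy uninstall script fails with EROFS instead of emptying NVRAM.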