Query regd. rw rootfs

[Ravi Paluri (QUIC)]

> What is the actual problem you are trying to solve? If a user possesses enough permissions to modify /etc/passwd) he might as well modify init scripts, replace legitimate executables with malicious ones or simply replace the running firmware altogether by reflashing another image.
As mentioned in https://openwrt.org/docs/techref/preinit_mount#failsafeBy, rootfs is made rw via overlay. So, even a non-root user will have the ability to modify (for e.g. delete dnsmasq entry in /etc/passwd). 
So, on next reboot, I think, an init script may fail saying, dnsmasq is an unknown user. 
So, given this case, I was trying to understand how this is handled by procd? 

Thanks,
Ravi

-----Original Message-----
From: openwrt-devel <openwrt-devel-bounces at lists.openwrt.org> On Behalf Of Jo-Philipp Wich
Sent: Thursday, June 16, 2022 5:15 PM
To: openwrt-devel at lists.openwrt.org
Subject: Re: Query regd. rw rootfs

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.

Hi,

> If the behavior is not same, can you let me know how "below" is 
> handled/taken care in OpenWRT? "changes made to sensitive files for e.g.
> /etc/passwd (deleting a line. Deleting passwd file etc.) will have 
> adverse impact on security and some init scripts may not start etc."

OpenWrt does not have special handling for such situations. Users deleting parts of vital system configuration files (or even entire files such as libraries, init scripts etc.) will need to recover their system manually.

What is the actual problem you are trying to solve? If a user possesses enough permissions to modify /etc/passwd he might as well modify init scripts, replace legitimate executables with malicious ones or simply replace the running firmware altogether by reflashing another image.

I don't see the point in adding such "protections" aside from increasing code complexity, bug and attack surface as well as required storage footprint.

~ Jo