netatalk icon indicating copy to clipboard operation
netatalk copied to clipboard

Published 20 hours ago verified publisher icon Netatalk

Revisit afprun functionality (preexec, postexec)

Open rdmark opened this issue 2 years ago • 4 comments

Like we did with 2.x in https://github.com/Netatalk/netatalk/issues/526 I think afprun functionality should be removed from 3.x as well. Including the preexec / postexec, as well as the nostat options.

As with previous feature deprecations in 3.x, let me ask the community on the mailing lists about their use cases.

rdmark avatar Oct 21 '23 11:10 rdmark

Inconclusive feedback from the community so far. Thread starts at https://sourceforge.net/p/netatalk/mailman/message/47401127/

@dgsga What do you think? There is an argument by Ralph that there is a general usecase for this feature, but noone in the community spoke up to say that they actually used it.

rdmark avatar Dec 01 '23 11:12 rdmark

For this ticket I want to pivot to:

  1. Understanding what the concrete use cases are for this functionality. What kinds of volume pre-mount and post-dismount steps are actually executed? Is root privileges actually required?
  2. Revisit how this functionality is implemented (in particular around root access.)

rdmark avatar Dec 17 '23 23:12 rdmark

My take on it is that afprun functionality should be removed for this one reason alone: "This code constitutes a major opportunity to run arbitrary shell commands (with root privileges) on the host, with all sorts of security implications."

ghost avatar Dec 19 '23 14:12 ghost

How about the take the middle road of removing root preexec and root postexec while keeping the non-root functionality?

rdmark avatar Dec 19 '23 22:12 rdmark