From patchwork Sat Jul 15 23:59:51 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Tobias Geerinckx-Rice <me@tobias.gr>
X-Patchwork-Id: 51877
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id D439D27BBE2; Thu, 20 Jul 2023 21:44:01 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id B5A9C27BBE2
	for <patchwork@mira.cbaines.net>; Thu, 20 Jul 2023 21:44:00 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1qMaUK-0007PQ-U9; Thu, 20 Jul 2023 16:43:04 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qMaUI-0007O0-Qd
 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qMaUI-0007Cp-IS
 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1qMaUH-0000YS-Vs
 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:01 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#61462] [PATCH v2 01/10] system: Disallow file-like
 setuid-programs.
References: <87r0uuehlr.fsf@nckx>
In-Reply-To: <87r0uuehlr.fsf@nckx>
Resent-From: Tobias Geerinckx-Rice <me@tobias.gr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 20 Jul 2023 20:43:01 +0000
Resent-Message-ID: <handler.61462.B61462.16898857271953@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462@debbugs.gnu.org
Received: via spool by 61462-submit@debbugs.gnu.org id=B61462.16898857271953
 (code B ref 61462); Thu, 20 Jul 2023 20:43:01 +0000
Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:07 +0000
Received: from localhost ([127.0.0.1]:60032 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1qMaTO-0000VK-VM
 for submit@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:07 -0400
Received: from tobias.gr ([80.241.217.52]:36824)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1qMaTN-0000V4-3T
 for 61462@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=vnOwixCqc40Cj
 EZZSwQq+Us9UMR4v2cKqqgUa9N7wfk=; h=date:subject:to:from;
 d=tobias.gr;
 b=ZDnqFDVqfoBrsefygn1ilv5s+tfYwmeddiUc2W/qtD+LZFZOEtzice734MDUExbfZmgT
 u0nDoWdM53bkK2wDgSjjl0iuSoG+et3Fm1GMw8xOZ3lIOUclgcMm6lAsvZCn20mI3wl1cP
 i7WsRDTjkyN1dqqlTF08QFQZK5niZvvOrL3g7IfJR44v6uMLXP3lU+ZsH4VP7lCS8wY4kG
 mAAihMsLmBTXDjwzeI6q+0PZiaHzdrVCAHRItd+BjQgt1JUhFl5rknTIHxGUTCxzZeJgj2
 k1XaO9yiql2eJnIfW1ynS7+0FJuxKrPU82uTMKkTsRJ92amKjHC2PeMJBguna1vQ==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 514093f5
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462@debbugs.gnu.org>;
 Thu, 20 Jul 2023 20:41:47 +0000 (UTC)
Date: Sun, 16 Jul 2023 01:59:51 +0200
Message-ID: 
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to: Tobias Geerinckx-Rice <me@tobias.gr>
X-ACL-Warn: ,  Tobias Geerinckx-Rice via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via
 <guix-patches@gnu.org>
From: Tobias Geerinckx-Rice <me@tobias.gr>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

It has been a warning for well over a year now.  Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.

* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
---

This is a quick snapshot of my rebased tree at the request of vagrantc.

There shouldn't be any functional changes.  If there are, that's cool too.

 gnu/system.scm | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)


base-commit: 21b718f4d6c3ded8ef50d12f6e9ae6474f74620f
prerequisite-patch-id: efc79914a4e3e994a8786e02774237de36f6b105
prerequisite-patch-id: 1986dc849c15ae6c1502df25f9c17b53a02df83d
prerequisite-patch-id: bb189cbd1346b0d00e9b79189155c9916731788b
prerequisite-patch-id: 062a02ed88acf0f11c5895b67065faa55d71fae8
prerequisite-patch-id: 2eea585e7940a16c24baeed3b65a123b1b10fd6b
prerequisite-patch-id: 31a3407b0c583d01cc2664168ec6cf499f10cb53
prerequisite-patch-id: a0566799f4aef296a3efcd228c3a223202662f86
prerequisite-patch-id: cd50cb9494a47433c7fd167729e239178c78d7f1
prerequisite-patch-id: e86e94b9a40613e3ce534ce778d027210b93b05a
prerequisite-patch-id: c7068d2079b3d2f0f172cc4cf9e0791ff5e84da3
prerequisite-patch-id: b52b35693094914ea1962ac2f186a52617d38c8a
prerequisite-patch-id: b2bdf5541825c9cd57d2fe3e3e9a90e5fc8ffbe6
prerequisite-patch-id: f085c8ee7c7f1d0250b0ed8a548a72d397d96056
prerequisite-patch-id: 49c8f3f912d24147362a3a874c2b2c0b4b182d5d
prerequisite-patch-id: 1f0fc1ca1a40444f4831beaf3183d7d4f866fd6d
prerequisite-patch-id: 8c69acfe3cb01ff3c0a46a2efe04b53ad063002d
prerequisite-patch-id: 10f972ac75020ce096d83b53a68a3b2f1eba1c8c
prerequisite-patch-id: 74586b82a25b775527adc7e8cf09b15bdb4850f7
prerequisite-patch-id: 7388ac8d395ef16830105026230e47d903026335
prerequisite-patch-id: 2c7df330bf50663218016e01b9c0922a6b3a001f
prerequisite-patch-id: f45ec5e6d6023fc5538e1578bbb4e270d7b23baf
prerequisite-patch-id: 0083d0b8d60fd0e526449cd192f153d0bd1bde0b
prerequisite-patch-id: 7e6e4ab87b52996e9bb6cd8595889f21ba87e9fe

diff --git a/gnu/system.scm b/gnu/system.scm
index 23addf41e9..e32879b240 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -296,8 +296,7 @@ (define-record-type* <operating-system> operating-system
   (pam-services operating-system-pam-services     ; list of PAM services
                 (default (base-pam-services)))
   (setuid-programs operating-system-setuid-programs
-                   (default %setuid-programs)     ; list of <setuid-program>
-                   (sanitize ensure-setuid-program-list))
+                   (default %setuid-programs))    ; list of <setuid-program>
 
   (sudoers-file operating-system-sudoers-file     ; file-like
                 (default %sudoers-specification))
@@ -1203,31 +1202,6 @@ (define (operating-system-environment-variables os)
     ;; when /etc/machine-id is missing.  Make sure these warnings are non-fatal.
     ("DBUS_FATAL_WARNINGS" . "0")))
 
-;; Ensure LST is a list of <setuid-program> records and warn otherwise.
-(define-with-syntax-properties (ensure-setuid-program-list (lst properties))
-  (%ensure-setuid-program-list lst properties))
-
-;; We want to be able to use defines, so define a procedure.
-(define (%ensure-setuid-program-list lst properties)
-  (define warned? #f)
-
-  (define (warn-once)
-    (unless warned?
-      (warning (source-properties->location properties)
-               (G_ "representing setuid programs with file-like objects is \
-deprecated; use 'setuid-program' instead~%"))
-      (set! warned? #t)))
-
-  (map (match-lambda
-         ((? setuid-program? program)
-          program)
-         (program
-          ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo
-          ;; "/bin/bar").
-          (warn-once)
-          (setuid-program (program program))))
-       lst))
-
 (define %setuid-programs
   ;; Default set of setuid-root programs.
   (let ((shadow (@ (gnu packages admin) shadow)))