From patchwork Sat Jul 15 23:59:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 51877 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id D439D27BBE2; Thu, 20 Jul 2023 21:44:01 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id B5A9C27BBE2 for ; Thu, 20 Jul 2023 21:44:00 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qMaUK-0007PQ-U9; Thu, 20 Jul 2023 16:43:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qMaUI-0007O0-Qd for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qMaUI-0007Cp-IS for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qMaUH-0000YS-Vs for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#61462] [PATCH v2 01/10] system: Disallow file-like setuid-programs. 
References: <87r0uuehlr.fsf@nckx> In-Reply-To: <87r0uuehlr.fsf@nckx> Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 20 Jul 2023 20:43:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61462 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61462@debbugs.gnu.org Received: via spool by 61462-submit@debbugs.gnu.org id=B61462.16898857271953 (code B ref 61462); Thu, 20 Jul 2023 20:43:01 +0000 Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:07 +0000 Received: from localhost ([127.0.0.1]:60032 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTO-0000VK-VM for submit@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:07 -0400 Received: from tobias.gr ([80.241.217.52]:36824) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTN-0000V4-3T for 61462@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=vnOwixCqc40Cj EZZSwQq+Us9UMR4v2cKqqgUa9N7wfk=; h=date:subject:to:from; d=tobias.gr; b=ZDnqFDVqfoBrsefygn1ilv5s+tfYwmeddiUc2W/qtD+LZFZOEtzice734MDUExbfZmgT u0nDoWdM53bkK2wDgSjjl0iuSoG+et3Fm1GMw8xOZ3lIOUclgcMm6lAsvZCn20mI3wl1cP i7WsRDTjkyN1dqqlTF08QFQZK5niZvvOrL3g7IfJR44v6uMLXP3lU+ZsH4VP7lCS8wY4kG mAAihMsLmBTXDjwzeI6q+0PZiaHzdrVCAHRItd+BjQgt1JUhFl5rknTIHxGUTCxzZeJgj2 k1XaO9yiql2eJnIfW1ynS7+0FJuxKrPU82uTMKkTsRJ92amKjHC2PeMJBguna1vQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 514093f5 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462@debbugs.gnu.org>; Thu, 20 Jul 2023 20:41:47 +0000 (UTC) Date: Sun, 16 Jul 2023 01:59:51 +0200 Message-ID: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: 
List-Post: List-Help: List-Subscribe: , Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via 
From: Tobias Geerinckx-Rice Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. --- This is a quick snapshot of my rebased tree at the request of vagrantc. There shouldn't be any functional changes. If there are, that's cool too. gnu/system.scm | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) base-commit: 21b718f4d6c3ded8ef50d12f6e9ae6474f74620f prerequisite-patch-id: efc79914a4e3e994a8786e02774237de36f6b105 prerequisite-patch-id: 1986dc849c15ae6c1502df25f9c17b53a02df83d prerequisite-patch-id: bb189cbd1346b0d00e9b79189155c9916731788b prerequisite-patch-id: 062a02ed88acf0f11c5895b67065faa55d71fae8 prerequisite-patch-id: 2eea585e7940a16c24baeed3b65a123b1b10fd6b prerequisite-patch-id: 31a3407b0c583d01cc2664168ec6cf499f10cb53 prerequisite-patch-id: a0566799f4aef296a3efcd228c3a223202662f86 prerequisite-patch-id: cd50cb9494a47433c7fd167729e239178c78d7f1 prerequisite-patch-id: e86e94b9a40613e3ce534ce778d027210b93b05a prerequisite-patch-id: c7068d2079b3d2f0f172cc4cf9e0791ff5e84da3 prerequisite-patch-id: b52b35693094914ea1962ac2f186a52617d38c8a prerequisite-patch-id: b2bdf5541825c9cd57d2fe3e3e9a90e5fc8ffbe6 prerequisite-patch-id: f085c8ee7c7f1d0250b0ed8a548a72d397d96056 prerequisite-patch-id: 49c8f3f912d24147362a3a874c2b2c0b4b182d5d prerequisite-patch-id: 1f0fc1ca1a40444f4831beaf3183d7d4f866fd6d prerequisite-patch-id: 8c69acfe3cb01ff3c0a46a2efe04b53ad063002d prerequisite-patch-id: 10f972ac75020ce096d83b53a68a3b2f1eba1c8c prerequisite-patch-id: 74586b82a25b775527adc7e8cf09b15bdb4850f7 prerequisite-patch-id: 
7388ac8d395ef16830105026230e47d903026335 prerequisite-patch-id: 2c7df330bf50663218016e01b9c0922a6b3a001f prerequisite-patch-id: f45ec5e6d6023fc5538e1578bbb4e270d7b23baf prerequisite-patch-id: 0083d0b8d60fd0e526449cd192f153d0bd1bde0b prerequisite-patch-id: 7e6e4ab87b52996e9bb6cd8595889f21ba87e9fe diff --git a/gnu/system.scm b/gnu/system.scm index 23addf41e9..e32879b240 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -296,8 +296,7 @@ (define-record-type* operating-system (pam-services operating-system-pam-services ; list of PAM services (default (base-pam-services))) (setuid-programs operating-system-setuid-programs - (default %setuid-programs) ; list of - (sanitize ensure-setuid-program-list)) + (default %setuid-programs)) ; list of (sudoers-file operating-system-sudoers-file ; file-like (default %sudoers-specification)) 
@@ -1203,31 +1202,6 @@ (define (operating-system-environment-variables os) ;; when /etc/machine-id is missing. Make sure these warnings are non-fatal. ("DBUS_FATAL_WARNINGS" . "0"))) -;; Ensure LST is a list of records and warn otherwise. -(define-with-syntax-properties (ensure-setuid-program-list (lst properties)) - (%ensure-setuid-program-list lst properties)) - -;; We want to be able to use defines, so define a procedure. -(define (%ensure-setuid-program-list lst properties) - (define warned? #f) - - (define (warn-once) - (unless warned? - (warning (source-properties->location properties) - (G_ "representing setuid programs with file-like objects is \ -deprecated; use 'setuid-program' instead~%")) - (set! warned? #t))) - - (map (match-lambda - ((? setuid-program? program) - program) - (program - ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo - ;; "/bin/bar"). - (warn-once) - (setuid-program (program program)))) - lst)) - (define %setuid-programs ;; Default set of setuid-root programs. 
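Review bot: dropping the `sanitize` clause from the `setuid-programs` field in the first hunk, together with deleting `ensure-setuid-program-list` and `%ensure-setuid-program-list` in the second, removes the only place that told `setuid-program` records apart from the file-likes and gexps the old code wrapped with `(setuid-program (program program))`; an operating-system declaration that still uses the deprecated form now gets neither the old warning nor a clear error, and only fails wherever the list is later consumed. Since the subject says the form is disallowed rather than merely unsupported, consider keeping a sanitizer that rejects non-records with a located configuration error, something like `(raise (formatted-message (G_ "~a: not a setuid-program record") program))` reusing the `source-properties->location` call the deleted code already had, so the removal surfaces at `guix system reconfigure` time instead of as a type error during activation. A sentence in the commit message saying what a user with a stale configuration will now see would also help.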
(let ((shadow (@ (gnu packages admin) shadow))) From patchwork Sat Jul 15 23:59:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 51874 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C1F6827BBE9; Thu, 20 Jul 2023 21:43:51 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 4F78B27BBE2 for ; Thu, 20 Jul 2023 21:43:49 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qMaUK-0007PI-Ma; Thu, 20 Jul 2023 16:43:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qMaUJ-0007OG-A9 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qMaUJ-0007D9-2g for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qMaUI-0000Yg-Ur for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#61462] [PATCH v2 02/10] services: setuid-program: Populate /run/privileged/bin. 
Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 20 Jul 2023 20:43:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61462 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61462@debbugs.gnu.org Received: via spool by 61462-submit@debbugs.gnu.org id=B61462.16898857342010 (code B ref 61462); Thu, 20 Jul 2023 20:43:02 +0000 Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:14 +0000 Received: from localhost ([127.0.0.1]:60046 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTV-0000WF-Bt for submit@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:13 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:51548) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTO-0000V6-08 for 61462@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=zQ7n98Zu4iZJf qQlpyjTH+lcrgZkw69P+WJewcLh18w=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=Zyrp39uUeQ/YOuXezxhyoUNkxsByX55MvRrMlg ajU9az75w2iv9rQo3ENpPt4WWvcWIbGAlgrUTo+0+tteFG8JtasBoWZdwk97GeANZyS+kU PpfwpQIJ9TxHw8odKVkBKce+oiGIK5fSxNiL+iS+uoy05/QvjSaTSxJ0jeGbNb657yfCkc e8z61ODgLrlc8fALoYQ9NvFxC1qtzi8y2mZwmGKzlUdgsxUljlLQy2pBA8f9sD8EixKF6X THl9dtPIQBdv3Ggu9EeChi929mVvzmglzhbhFV8o2Gl4pCgJ8f26etqMeV3xjlgTrx4W8E pHv9LppW/W3zH/8r3SKGBXOA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id c653cf7c (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462@debbugs.gnu.org>; Thu, 20 Jul 2023 20:41:48 +0000 (UTC) Date: Sun, 16 Jul 2023 01:59:52 +0200 Message-ID: <482841db32bd1baf69af0a09705bd387ed04e346.1689465600.git.me@tobias.gr> X-Mailer: git-send-email 2.41.0 In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> MIME-Version: 1.0 X-BeenThere: 
debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via From: Tobias Geerinckx-Rice Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly. --- doc/guix.texi | 2 +- gnu/build/activation.scm | 54 ++++++++++++++++++++++++++-------------- gnu/services.scm | 9 +++++-- 3 files changed, 44 insertions(+), 21 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1d8ebcd72f..9426c72e1e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39383,7 +39383,7 @@ Setuid Programs @end defvar Under the hood, the actual setuid programs are created in the -@file{/run/setuid-programs} directory at system activation time. The +@file{/run/privileged/bin} directory at system activation time. The files in this directory refer to the ``real'' binaries, which are in the store. diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index eea2233563..7f4800bba1 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm 
@@ -8,6 +8,7 @@ ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2020 Christine Lemmer-Webber ;;; Copyright © 2021 Brice Waegeneire +;;; Copyright © 2022 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -278,14 +279,29 @@ (define (activate-etc etc) string)) + (scandir directory + (lambda (file) + (not (member file '("." "..")))) + string)) - (scandir %setuid-directory - (lambda (file) - (not (member file '("." "..")))) - string. (format (current-error-port) "warning: failed to make ~s setuid/setgid: ~a~%" diff --git a/gnu/services.scm b/gnu/services.scm index 109e050a23..eefe58b336 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2021 raid5atemyhomework ;;; Copyright © 2020 Christine Lemmer-Webber ;;; Copyright © 2020, 2021 Brice Waegeneire +;;; Copyright © 2022 Tobias Geerinckx-Rice ;;; Copyright © 2023 Brian Cully ;;; ;;; This file is part of GNU Guix. 
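Review bot: the `doc/guix.texi` hunk only swaps the directory name, so the manual will say privileged programs are created in `/run/privileged/bin` without mentioning the `/run/setuid-programs` compatibility symlinks that the commit message and the new `setuid-program-service-type` description introduce, nor that that directory is slated for removal; the manual is where people will look when a hard-coded `/run/setuid-programs/...` path stops being the canonical one, so mirror the docstring's two sentences about the symlinks and the planned removal there. Two smaller points: the copyright lines added to `gnu/build/activation.scm` and `gnu/services.scm` say 2022 for a change submitted in 2023, and the `activate-setuid-programs` hunk as shown here only exposes the `scandir` helper being parameterised on `directory` in place of `%setuid-directory`, so it cannot be checked from this excerpt whether a stale entry in `/run/setuid-programs` (a symlink whose `/run/privileged/bin` target was dropped from the list) is removed on the next activation; state in the commit message that both directories are cleared before being repopulated, if that is the case.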
@@ -892,8 +893,12 @@ (define setuid-program-service-type (extend (lambda (config extensions) (append config extensions))) (description - "Populate @file{/run/setuid-programs} with the specified -executables, making them setuid and/or setgid."))) + "Copy the specified executables to @file{/run/privileged/bin} +and apply special privileges like setuid and/or setgid. + +The deprecated @file{/run/setuid-programs} directory is also populated with +symbolic links to their @file{/run/privileged/bin} counterpart. It will be +removed in a future Guix release."))) (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." From patchwork Sat Jul 15 23:59:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 51876 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id EA77E27BBE9; Thu, 20 Jul 2023 21:43:57 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id E579B27BBE2 for ; Thu, 20 Jul 2023 21:43:56 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qMaUK-0007Od-1z; Thu, 20 Jul 2023 16:43:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qMaUI-0007O1-RK for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with 
esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qMaUI-0007Cs-J4 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qMaUI-0000YZ-Ee for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#61462] [PATCH v2 03/10] system: Use /run/privileged/bin in search paths. Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 20 Jul 2023 20:43:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61462 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61462@debbugs.gnu.org Received: via spool by 61462-submit@debbugs.gnu.org id=B61462.16898857332002 (code B ref 61462); Thu, 20 Jul 2023 20:43:02 +0000 Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:13 +0000 Received: from localhost ([127.0.0.1]:60044 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTU-0000WC-FU for submit@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:13 -0400 Received: from tobias.gr ([80.241.217.52]:36824) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTO-0000V4-C2 for 61462@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=MeCDTHfC0daZ8 5fKkZ2GxjWavigkWvv+J33ULNyVxTo=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=Cod5h3arcBD9Z7vMrp2ds7W/eypdb+A6yUC31O 3NEzNoiV32kPrmXzYTs/9KLT85UmalZKPJCRYn2VYcWG95teIg2RjJaDE3o957CDbCIm77 49pWFq4S/ZF1Zs6K6GmBJxKWbk0daauP1LOHGhJAQ7bU811CryVTLIHul3MMartFAqoPmN 8HD4wCie7ZvKYHgSjgpHN4wdgOjqg+ywj/svIGH/hsGjJPewla6Xliz+uBXjNKy/nUWK6r Q5dJmObPz6CXRWxsz+boQRnAAZuAJOoFrmXEWZtyq8ZmvCmKVhUO+Z+ddeeAnXjpvjVrkT kmkDusPKZ2V0VY5rcqiAKzrQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 3549850a (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for 
<61462@debbugs.gnu.org>; Thu, 20 Jul 2023 20:41:48 +0000 (UTC) Date: Sun, 16 Jul 2023 01:59:53 +0200 Message-ID: <0600bad063dc787892f74e148755532d25e61257.1689465600.git.me@tobias.gr> X-Mailer: git-send-email 2.41.0 In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via From: Tobias Geerinckx-Rice Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/system.scm (operating-system-etc-service): Substitute /run/privileged/bin for deprecated /run/setuid-programs. --- gnu/system.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index e32879b240..b68c4d272b 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -985,10 +985,10 @@ (define* (operating-system-etc-service os) (plain-file "login.defs" (string-append "# Default paths for non-login shells started by su(1).\n" - "ENV_PATH /run/setuid-programs:" + "ENV_PATH /run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin\n" - "ENV_SUPATH /run/setuid-programs:" + "ENV_SUPATH /run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin\n" 
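Review bot: the commit message is only the ChangeLog line; it should say why `/run/setuid-programs` can be dropped from `ENV_PATH` and `ENV_SUPATH` in the `login.defs` hunk (and from the `PATH` prepend in `/etc/profile` later in this patch) rather than kept next to the new directory. The change relies on 02/10 populating `/run/setuid-programs` solely with symlinks into `/run/privileged/bin`, so nothing that resolved before becomes unresolvable, and on this patch never being applied without 02/10; both are worth stating. Keeping the privileged directory first in each search path preserves the existing property that `su`, `sudo` and `passwd` resolve to the privileged copies before any profile binary of the same name, which is the behaviour a reviewer wants to see called out as unchanged.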
@@ -1051,8 +1051,8 @@ (define* (operating-system-etc-service os) fi done -# Prepend setuid programs. -export PATH=/run/setuid-programs:$PATH +# Prepend privileged programs. +export PATH=/run/privileged/bin:$PATH # Arrange so that ~/.config/guix/current/share/info comes first. export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\" From patchwork Sat Jul 15 23:59:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 51880 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 5DBC927BBE9; Thu, 20 Jul 2023 21:44:10 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id C824727BBE2 for ; Thu, 20 Jul 2023 21:44:02 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qMaUP-0007S4-Kh; Thu, 20 Jul 2023 16:43:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qMaUM-0007QG-Hm for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qMaUM-0007Dn-9N for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:06 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qMaUK-0000Z3-De; Thu, 20 Jul 2023 16:43:04 -0400 X-Loop: 
help-debbugs@gnu.org Subject: [bug#61462] [PATCH v2 04/10] gnu: Replace (almost) all uses of /run/setuid-programs. Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: leo@famulari.name, liliana.prikler@gmail.com, maxim.cournoyer@gmail.com, rg@raghavgururajan.name, me@tobias.gr, guix-patches@gnu.org Resent-Date: Thu, 20 Jul 2023 20:43:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61462 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61462@debbugs.gnu.org Cc: Leo Famulari , Liliana Marie Prikler , Maxim Cournoyer , Raghav Gururajan , Tobias Geerinckx-Rice X-Debbugs-Original-Xcc: Leo Famulari , Liliana Marie Prikler , Maxim Cournoyer , Raghav Gururajan , Tobias Geerinckx-Rice Received: via spool by 61462-submit@debbugs.gnu.org id=B61462.16898857362032 (code B ref 61462); Thu, 20 Jul 2023 20:43:04 +0000 Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:16 +0000 Received: from localhost ([127.0.0.1]:60052 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTX-0000Wb-11 for submit@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:15 -0400 Received: from tobias.gr ([80.241.217.52]:36824) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qMaTP-0000V4-7k for 61462@debbugs.gnu.org; Thu, 20 Jul 2023 16:42:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=0FSTh1NoTBq9j Z47sqYRZXxXyaqdbtnWI1KKeWeorp8=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=CFGCBAn2ZOjc8Mkn3GOnGjs69SRNtUds9CeSeT PMVjgEK1csbkG+ZUP6984d9aJzNxEIevxk8tUrLJLASrnt7ICkwXLfSMXKU6LNoDmkCKKh 8wgPojbQIQj7png0C/a0LuElzTlE8Yr18y5kpQu5JF1GvXQSNAbhbReN6oaMQU7r+w+h3R O/DZVsr59jSUo8vVB3S2nk/pzq8AMvQ6t/4I8tILRA6S6kGH+gnkPRlv5m43RlRnP/ORcB NTGNqJE5y3f6ARUIzj51pLgTk9v9x8IkMH8UICTw+oCy6WGJH7L1nVVlwASmAJCURR8ZC5 EeZaC0AFWEDY3yh74IpnKSgQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id e4007eba (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for 
<61462@debbugs.gnu.org>; Thu, 20 Jul 2023 20:41:48 +0000 (UTC) Date: Sun, 16 Jul 2023 01:59:54 +0200 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via 
From: Tobias Geerinckx-Rice Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches …those good for master, anyway. * gnu/packages/admin.scm (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise. * gnu/packages/debian.scm (pbuilder)[arguments]: Likewise. * gnu/packages/disk.scm (udevil)[arguments]: Likewise. * gnu/packages/enlightenment.scm (efl, enlightenment) [arguments]: Likewise. * gnu/packages/gnome.scm (gdm, gnome-control-center) [arguments]: Likewise. * gnu/packages/linux.scm (singularity)[arguments]: Likewise. * gnu/packages/lxde.scm (spacefm)[arguments]: Likewise. * gnu/packages/monitoring.scm (zabbix-agentd)[arguments]: Likewise. * gnu/packages/virtualization.scm (ganeti)[arguments]: Likewise. * gnu/packages/xdisorg.scm (xsecurelock)[arguments]: Likewise. * gnu/services/dbus.scm (dbus-configuration-directory): Likewise. * gnu/services/ganeti.scm (%default-ganeti-environment-variables): Likewise. * gnu/services/monitoring.scm (zabbix-agent-shepherd-service): Likewise. * gnu/tests/ldap.scm (marionette): Likewise. * gnu/tests/monitoring.scm (os): Likewise. --- gnu/machine/ssh.scm | 2 ++ gnu/packages/admin.scm | 6 +++--- gnu/packages/containers.scm | 2 +- gnu/packages/debian.scm | 4 ++-- gnu/packages/disk.scm | 14 +++++++------- gnu/packages/enlightenment.scm | 10 +++++----- gnu/packages/gnome.scm | 4 ++-- gnu/packages/linux.scm | 2 +- gnu/packages/lxde.scm | 19 ++++++++----------- gnu/packages/monitoring.scm | 2 +- gnu/packages/virtualization.scm | 2 +- gnu/packages/xdisorg.scm | 2 +- gnu/services/dbus.scm | 2 +- gnu/services/ganeti.scm | 2 +- gnu/services/monitoring.scm | 2 +- gnu/tests/ldap.scm | 2 +- gnu/tests/monitoring.scm | 4 ++-- 17 files changed, 40 insertions(+), 41 deletions(-) 
diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 343cf74748..26ea787e29 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -177,6 +177,8 @@ (define (machine-become-command machine) (if (string= "root" (machine-ssh-configuration-user (machine-configuration machine))) '() + ;; Use the old setuid-programs location until the remote is likely to + ;; have the new /run/privileged one in place. '("/run/setuid-programs/sudo" "-n" "--"))) (define (managed-host-remote-eval machine exp) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index ec32041055..c42f23f437 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -205,7 +205,7 @@ (define-public ktsuss (lambda _ (substitute* "configure.ac" (("supath=`which su 2>/dev/null`") - "supath=/run/setuid-programs/su")) + "supath=/run/privileged/bin/su")) #t))))) (native-inputs (list autoconf automake libtool pkg-config)) @@ -2077,7 +2077,7 @@ (define-public opendoas (substitute* "doas.c" (("safepath =" match) (string-append match " \"" - "/run/setuid-programs:" + "/run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin:" "\" "))))) @@ -4918,7 +4918,7 @@ (define-public hosts ":" (assoc-ref %build-inputs "grep") "/bin" ":" (assoc-ref %build-inputs "ncurses") "/bin" ":" (assoc-ref %build-inputs "sed") "/bin" - ":" "/run/setuid-programs" + ":" "/run/privileged/bin" ":" (getenv "PATH"))) (substitute* "hosts" (("#!/usr/bin/env bash") diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index 232d994fe3..92573f211d 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm @@ -237,7 +237,7 @@ (define-public slirp4netns (add-after 'unpack 'fix-hardcoded-paths (lambda _ (substitute* (find-files "tests" "\\.sh") - (("ping") "/run/setuid-programs/ping"))))))) + (("ping") "/run/privileged/bin/ping"))))))) (inputs (list glib libcap diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm index c5cfda9f80..c18de1403c 100644 
--- a/gnu/packages/debian.scm +++ b/gnu/packages/debian.scm @@ -494,8 +494,8 @@ (define-public pbuilder (lambda () (format #t "# A couple of presets to make this work more smoothly.~@ MIRRORSITE=\"http://deb.debian.org/debian\"~@ - if [ -r /run/setuid-programs/sudo ]; then~@ - PBUILDERROOTCMD=\"/run/setuid-programs/sudo -E\"~@ + if [ -r /run/privileged/bin/sudo ]; then~@ + PBUILDERROOTCMD=\"/run/privileged/bin/sudo -E\"~@ fi~@ PBUILDERSATISFYDEPENDSCMD=\"~a/lib/pbuilder/pbuilder-satisfydepends-apt\"~%" #$output))))) diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm index 35ffcf173e..95688ad422 100644 --- a/gnu/packages/disk.scm +++ b/gnu/packages/disk.scm @@ -204,10 +204,10 @@ (define-public udevil ;; udevil expects these programs to be run with uid set as root. ;; user has to manually add these programs to setuid-programs. ;; mount and umount are default setuid-programs in guix system. - "--with-mount-prog=/run/setuid-programs/mount" - "--with-umount-prog=/run/setuid-programs/umount" - "--with-losetup-prog=/run/setuid-programs/losetup" - "--with-setfacl-prog=/run/setuid-programs/setfacl") + "--with-mount-prog=/run/privileged/bin/mount" + "--with-umount-prog=/run/privileged/bin/umount" + "--with-losetup-prog=/run/privileged/bin/losetup" + "--with-setfacl-prog=/run/privileged/bin/setfacl") #:phases (modify-phases %standard-phases (add-after 'unpack 'remove-root-reference 
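Review bot: in the udevil `#:configure-flags` hunk the comment lines kept as context, `user has to manually add these programs to setuid-programs.` and `mount and umount are default setuid-programs in guix system.`, still describe the old mechanism while the four paths directly below them move to `/run/privileged/bin`; the next hunk in the same file does update its sibling comment to `privileged-programs`, so update these two as well, since they are what a packager reads to learn which programs must be declared in the operating-system field.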
@@ -218,12 +218,12 @@ (define-public udevil (add-after 'unpack 'patch-udevil-reference ;; udevil expects itself to be run with uid set as root. ;; devmon also expects udevil to be run with uid set as root. - ;; user has to manually add udevil to setuid-programs. + ;; user has to manually add udevil to privileged-programs. (lambda _ (substitute* "src/udevil.c" - (("/usr/bin/udevil") "/run/setuid-programs/udevil")) + (("/usr/bin/udevil") "/run/privileged/bin/udevil")) (substitute* "src/devmon" - (("`which udevil 2>/dev/null`") "/run/setuid-programs/udevil")) + (("`which udevil 2>/dev/null`") "/run/privileged/bin/udevil")) #t))))) (native-inputs (list intltool pkg-config)) diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm index 64d8945f8e..a6ee9dcb8a 100644 --- a/gnu/packages/enlightenment.scm +++ b/gnu/packages/enlightenment.scm @@ -149,8 +149,8 @@ (define-public efl "-Dbuild-examples=false" "-Decore-imf-loaders-disabler=scim" "-Dglib=true" - "-Dmount-path=/run/setuid-programs/mount" - "-Dunmount-path=/run/setuid-programs/umount" + "-Dmount-path=/run/privileged/bin/mount" + "-Dunmount-path=/run/privileged/bin/umount" "-Dnetwork-backend=connman" ,,@(if (member (%current-system) (package-transitive-supported-systems luajit)) @@ -338,7 +338,7 @@ (define-public enlightenment (substitute* '("src/bin/e_sys_main.c" "src/bin/e_util_suid.h") (("PATH=/bin:/usr/bin:/sbin:/usr/sbin") - (string-append "PATH=/run/setuid-programs:" + (string-append "PATH=/run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin"))) (substitute* "src/modules/everything/evry_plug_calc.c" 
@@ -347,8 +347,8 @@ (define-public enlightenment (("libddcutil\\.so\\.?" libddcutil) (string-append ddcutil "/lib/" libddcutil))) (substitute* "data/etc/meson.build" - (("/bin/mount") "/run/setuid-programs/mount") - (("/bin/umount") "/run/setuid-programs/umount") + (("/bin/mount") "/run/privileged/bin/mount") + (("/bin/umount") "/run/privileged/bin/umount") (("/usr/bin/eject") "/run/current-system/profile/bin/eject")) (substitute* "src/bin/system/e_system_power.c" (("systemctl") "loginctl")))))))) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 11085ecc80..485b8a16ba 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -8813,7 +8813,7 @@ (define-public gdm "--localstatedir=/var" (string-append "-Ddefault-path=" - (string-join '("/run/setuid-programs" + (string-join '("/run/privileged/bin" "/run/current-system/profile/bin" "/run/current-system/profile/sbin") ":")) @@ -9088,7 +9088,7 @@ (define-public gnome-control-center inputs "bin/nm-connection-editor")))) (substitute* "panels/user-accounts/run-passwd.c" (("/usr/bin/passwd") - "/run/setuid-programs/passwd")) + "/run/privileged/bin/passwd")) (substitute* "panels/info-overview/cc-info-overview-panel.c" (("DATADIR \"/gnome/gnome-version.xml\"") (format #f "~s" (search-input-file diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 67128524ff..cc8d3be791 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -5114,7 +5114,7 @@ (define-public singularity (substitute* (find-files "libexec/cli" "\\.exec$") (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid" _ program) - (string-append "/run/setuid-programs/singularity-" + (string-append "/run/privileged/bin/singularity-" program "-helper"))) ;; These squashfs mount options are apparently no longer diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm index 0291f50302..1a969eb4b5 100644 --- a/gnu/packages/lxde.scm +++ b/gnu/packages/lxde.scm 
@@ -372,26 +372,23 @@ (define-public spacefm (substitute* '("mime-type/mime-type.c" "ptk/ptk-file-menu.c") (("/usr(/local)?/share/mime") mime))) #t))) - (add-after 'patch-mime-dirs 'patch-setuid-progs + (add-after 'patch-mime-dirs 'patch-privileged-programs (lambda _ - (let* ((su "/run/setuid-programs/su") - (mount "/run/setuid-programs/mount") - (umount "/run/setuid-programs/umount") - (udevil "/run/setuid-programs/udevil")) + (let ((privileged (lambda (command) + (string-append "/run/privileged/bin/" + command)))) (with-directory-excursion "src" (substitute* '("settings.c" "settings.h" "vfs/vfs-file-task.c" "vfs/vfs-volume-hal.c" "../data/ui/prefdlg.ui" "../data/ui/prefdlg2.ui") - (("(/usr)?/bin/su") su) - (("/(bin|sbin)/mount") mount) - (("/(bin|sbin)/umount") umount) - (("/usr/bin/udevil") udevil))) + (("(/usr)?/s?bin/(mount|umount|su|udevil)" _ _ command) + (privileged command)))) #t))) - (add-after 'patch-setuid-progs 'patch-spacefm-conf + (add-after 'patch-privileged-programs 'patch-spacefm.conf (lambda* (#:key inputs #:allow-other-keys) (substitute* "etc/spacefm.conf" (("#terminal_su=/bin/su") - "terminal_su=/run/setuid-programs/su") + "terminal_su=/run/privileged/bin/su") (("#graphical_su=/usr/bin/gksu") (string-append "graphical_su=" (search-input-file inputs "/bin/ktsuss"))))))) diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm index 3238f11fb4..f935c015a4 100644 --- a/gnu/packages/monitoring.scm +++ b/gnu/packages/monitoring.scm @@ -186,7 +186,7 @@ (define-public zabbix-agentd "src/zabbix_server/server.c") ;; 'fping' must be setuid, so look for it in the usual location. (("/usr/sbin/fping6?") - "/run/setuid-programs/fping"))))) + "/run/privileged/bin/fping"))))) (build-system gnu-build-system) (arguments (list #:configure-flags diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 9b1bdeb5e4..26e4ecff14 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm 
@@ -764,7 +764,7 @@ (define-public ganeti ;; hard coded PATH. Patch so it works on Guix System. (substitute* "src/Ganeti/Constants.hs" (("/sbin:/bin:/usr/sbin:/usr/bin") - "/run/setuid-programs:/run/current-system/profile/sbin:\ + "/run/privileged/bin:/run/current-system/profile/sbin:\ /run/current-system/profile/bin")))) (add-after 'bootstrap 'patch-sphinx-version-detection (lambda _ diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index da5ca76e10..e7ede8de3e 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -2507,7 +2507,7 @@ (define-public xsecurelock '(#:configure-flags '("--with-pam-service-name=login" "--with-xkb" - "--with-default-authproto-module=/run/setuid-programs/authproto_pam"))) + "--with-default-authproto-module=/run/privileged/bin/authproto_pam"))) (native-inputs (list pandoc pkg-config)) (inputs diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 5a0c634393..bb9efb1c56 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -115,7 +115,7 @@ (define (dbus-configuration-directory services) ;; failures such as on slow ;; computers with slow I/O. (limit (@ (name "auth_timeout")) "300000") - (servicehelper "/run/setuid-programs/dbus-daemon-launch-helper") + (servicehelper "/run/privileged/bin/dbus-daemon-launch-helper") ;; First, the '.service' files of services subject to activation. ;; We use a fixed location under /etc because the setuid helper diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm index f4fec3833e..ee72946c88 100644 --- a/gnu/services/ganeti.scm +++ b/gnu/services/ganeti.scm @@ -182,7 +182,7 @@ (define-module (gnu services ganeti) ;; Ceph, Gluster, etc, without having to add absolute references to everything. (define %default-ganeti-environment-variables (list (string-append "PATH=" - (string-join '("/run/setuid-programs" + (string-join '("/run/privileged/bin" "/run/current-system/profile/sbin" "/run/current-system/profile/bin") ":")))) 
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index e698040078..c3fc8dafc8 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -1016,7 +1016,7 @@ (define (zabbix-agent-shepherd-service config) /etc/ssl/certs" "SSL_CERT_FILE=/run/current-system/profile\ /etc/ssl/certs/ca-certificates.crt" - "PATH=/run/setuid-programs:\ + "PATH=/run/privileged/bin:\ /run/current-system/profile/bin:/run/current-system/profile/sbin"))) (stop #~(make-kill-destructor))))) diff --git a/gnu/tests/ldap.scm b/gnu/tests/ldap.scm index 47e77c0c53..d5ab6899cf 100644 --- a/gnu/tests/ldap.scm +++ b/gnu/tests/ldap.scm @@ -144,7 +144,7 @@ (define (run-ldap-test) (test-assert "Can become LDAP user" (marionette-eval - '(zero? (system* "/run/setuid-programs/su" "eva" "-c" + '(zero? (system* "/run/privileged/bin/su" "eva" "-c" #$(file-append coreutils "/bin/true"))) marionette)) diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm index bbab1d8acf..a0c8c929b1 100644 --- a/gnu/tests/monitoring.scm +++ b/gnu/tests/monitoring.scm 
@@ -189,11 +189,11 @@ (define* (run-zabbix-server-test name test-os) (start-service 'postgres)) marionette)) - ;; Add /run/setuid-programs to $PATH so that the scripts passed to + ;; Add privileged programs to $PATH so that the scripts passed to ;; 'system' can find 'sudo'. (marionette-eval '(setenv "PATH" - "/run/setuid-programs:/run/current-system/profile/bin") + "/run/privileged/bin:/run/current-system/profile/bin") marionette) (test-eq "postgres create zabbix user"
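Review bot: In the spacefm hunk, the merged pattern `(/usr)?/s?bin/(mount|umount|su|udevil)` is not anchored at its end, so it also rewrites longer command names that share the prefix (`/bin/sudo` would become `/run/privileged/bin/sudo`, `/bin/mountpoint` would become `/run/privileged/bin/mountpoint`); the four patterns it replaces had the same weakness, but since the substitution is being rewritten anyway, a trailing word boundary (for example `\\b`, or capturing the following delimiter and re-emitting it) would make it exact. Style: the renamed phase `patch-spacefm.conf` puts a dot in a phase name, which no other phase in this file does; `patch-spacefm-conf` keeps the existing convention while still being renamed for consistency with `patch-privileged-programs`.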
From patchwork Sat Jul 15 23:59:55 2023
X-Patchwork-Submitter: Tobias Geerinckx-Rice
X-Patchwork-Id: 51871
Subject: [bug#61462] [PATCH v2 05/10] system: Add (gnu system privilege).
From: Tobias Geerinckx-Rice
To: 61462@debbugs.gnu.org
Date: Sun, 16 Jul 2023 01:59:55 +0200
Message-ID: <05b635bc74e8f726f03242a05a3007336fb29522.1689465600.git.me@tobias.gr>
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr>

* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
 gnu/local.mk             |  1 +
 gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 gnu/system/privilege.scm

diff --git a/gnu/local.mk b/gnu/local.mk index f10713f126..49298ff0ad 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -733,6 +733,7 @@ GNU_SYSTEM_MODULES = \ %D%/system/mapped-devices.scm \ %D%/system/nss.scm \ %D%/system/pam.scm \ + %D%/system/privilege.scm \ %D%/system/setuid.scm \ %D%/system/shadow.scm \ %D%/system/uuid.scm \ diff --git a/gnu/system/privilege.scm b/gnu/system/privilege.scm new file mode 100644 index 0000000000..d89d5d5d1c --- /dev/null +++ b/gnu/system/privilege.scm
@@ -0,0 +1,58 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2021 Brice Waegeneire +;;; Copyright © 2022 Tobias Geerinckx-Rice +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu system privilege) + #:use-module (guix records) + #:export (privileged-program + privileged-program? + privileged-program-program + privileged-program-setuid? + privileged-program-setgid? + privileged-program-user + privileged-program-group + privileged-program-capabilities)) + +;;; Commentary: +;;; +;;; Data structures representing privileged programs: binaries with additional +;;; permissions such as setuid/setgid, or POSIX capabilities. This is meant to +;;; be used both on the host side and at run time--e.g., in activation snippets. +;;; +;;; Code: + +(define-record-type* + privileged-program make-privileged-program + privileged-program? + ;; File name of the program to assign elevated privileges. + (program privileged-program-program) ;file-like + ;; Whether to set the setuid (‘set user ID’) bit. + (setuid? privileged-program-setuid? ;boolean + (default #f)) + ;; Whether to set the setgid (‘set group ID’) bit. + (setgid? privileged-program-setgid? ;boolean + (default #f)) + ;; The user name or ID this should be set to (defaults to root's). 
+ (user privileged-program-user ;integer or string + (default 0)) + ;; The group name or ID we want to set this to (defaults to root's). + (group privileged-program-group ;integer or string + (default 0)) + ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none). + (capabilities privileged-program-capabilities ;string or #f + (default #f)))
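Review bot: In the gnu/system/privilege.scm hunk, the new `capabilities` field accepts any value and is only described as "cap_from_text(3) form"; nothing in the record checks that the value is `#f` or a string, and the Commentary does not say how `capabilities` combines with `setuid?`/`setgid?` when both are given (in addition to the setuid bit, or instead of it). A `sanitize` clause rejecting anything other than `#f` or a string, plus one sentence in the Commentary fixing that precedence, would keep a mistyped field from silently producing a plain copy later in the pipeline (the activation code in 07/10 reads only `program`, `setuid?`, `setgid?`, `user` and `group`). Minor: the copyright line added for Tobias reads 2022 although the file is new in a 2023 submission.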
From patchwork Sat Jul 15 23:59:56 2023
X-Patchwork-Submitter: Tobias Geerinckx-Rice
X-Patchwork-Id: 51872
Subject: [bug#61462] [PATCH v2 06/10] system: (gnu system setuid) wraps (gnu system privilege).
From: Tobias Geerinckx-Rice
To: 61462@debbugs.gnu.org
Date: Sun, 16 Jul 2023 01:59:56 +0200
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr>

* gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a record that is setuid by default.
(setuid-program?, setuid-program-program, setuid-program-setuid?)
(setuid-program-setgid?, setuid-program-user, setuid-program-group): Alias their privileged-program equivalent.
---
 gnu/system/setuid.scm | 44 +++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/gnu/system/setuid.scm b/gnu/system/setuid.scm index 83111d932c..4dd0cc8962 100644 --- a/gnu/system/setuid.scm +++ b/gnu/system/setuid.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2021 Brice Waegeneire +;;; Copyright © 2022 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -17,7 +18,9 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu system setuid) - #:use-module (guix records) + #:use-module (gnu system privilege) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) #:export (setuid-program setuid-program? setuid-program-program
@@ -30,28 +33,29 @@ (define-module (gnu system setuid) ;;; Commentary: ;;; -;;; Data structures representing setuid/setgid programs. This is meant to be -;;; used both on the host side and at run time--e.g., in activation snippets. +;;; Do not use this module in new code. It used to define data structures +;;; representing setuid/setgid programs, but is now a mere compatibility shim +;;; wrapping a subset of (gnu system privilege). ;;; ;;; Code: -(define-record-type* - setuid-program make-setuid-program - setuid-program? - ;; Path to program to link with setuid permissions - (program setuid-program-program) ;file-like - ;; Whether to set user setuid bit - (setuid? setuid-program-setuid? ;boolean - (default #t)) - ;; Whether to set group setgid bit - (setgid? setuid-program-setgid? ;boolean - (default #f)) - ;; The user this should be set to (defaults to root) - (user setuid-program-user ;integer or string - (default 0)) - ;; Group we want to set this to (defaults to root) - (group setuid-program-group ;integer or string - (default 0))) +(define-syntax setuid-program + (lambda (fields) + (syntax-case fields () + ((_ (field value) ...) + #`(privileged-program + (setuid? (match (assoc-ref '((field value) ...) 'setuid?) + ((#f) #f) + (_ #t))) + #,@(remove (match-lambda ((f _) (eq? (syntax->datum f) 'setuid?))) + #'((field value) ...))))))) + +(define setuid-program? privileged-program?) +(define setuid-program-program privileged-program-program) +(define setuid-program-setuid? privileged-program-setuid?) +(define setuid-program-setgid? privileged-program-setgid?) 
+(define setuid-program-user privileged-program-user) +(define setuid-program-group privileged-program-group) (define (file-like->setuid-program program) (setuid-program (program program)))
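Review bot: In the `define-syntax setuid-program` hunk, the `setuid?` decision is taken on the quoted source, not on the evaluated value: `'((field value) ...)` quotes every value, so `(assoc-ref ... 'setuid?)` returns `(#f)` only for a literal `#f`, and `(setuid? some-variable)` or `(setuid? (not x))` always expands to `(setuid? #t)` whatever the expression evaluates to, which silently turns an intended non-setuid record into a setuid one. Only the presence of the field needs deciding at expansion time; leave the user's expression untouched and add the default only when the field is absent, for example
`(if (assq 'setuid? (syntax->datum #'((field value) ...)))`
`    #'(privileged-program (field value) ...)`
`    #'(privileged-program (setuid? #t) (field value) ...))`
which also removes the need for the `(ice-9 match)` and `(srfi srfi-1)` imports added in the `define-module` hunk.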
From patchwork Sat Jul 15 23:59:57 2023
X-Patchwork-Submitter: Tobias Geerinckx-Rice
X-Patchwork-Id: 51873
Subject: [bug#61462] [PATCH v2 07/10] build: Rename activate-setuid-programs.
From: Tobias Geerinckx-Rice
To: 61462@debbugs.gnu.org
Date: Sun, 16 Jul 2023 01:59:57 +0200
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr>

* gnu/build/activation.scm (activate-setuid-programs): Rename this…
(activate-privileged-programs): …to this. Operate on a list of records.
* gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
---
 gnu/build/activation.scm | 24 ++++++++++++------------
 gnu/services.scm         |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 7f4800bba1..84fbeda162 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -27,7 +27,7 @@ (define-module (gnu build activation) #:use-module (gnu system accounts) - #:use-module (gnu system setuid) + #:use-module (gnu system privilege) #:use-module (gnu build accounts) #:use-module (gnu build linux-boot) #:use-module (guix build utils) @@ -41,7 +41,7 @@ (define-module (gnu build activation) #:export (activate-users+groups activate-user-home activate-etc - activate-setuid-programs + activate-privileged-programs activate-special-files activate-modprobe activate-firmware @@ -287,8 +287,8 @@ (define %privileged-program-directory ;; Place where privileged copies of programs are stored. "/run/privileged/bin") -(define (activate-setuid-programs programs) - "Turn PROGRAMS, a list of file setuid-programs records, into privileged +(define (activate-privileged-programs programs) + "Turn PROGRAMS, a list of file privileged-programs records, into privileged copies stored under %PRIVILEGED-PROGRAM-DIRECTORY." (define (ensure-empty-directory directory) (if (file-exists? directory)
@@ -325,11 +325,11 @@ (define (activate-setuid-programs programs) (for-each (lambda (program) (catch 'system-error (lambda () - (let* ((program-name (setuid-program-program program)) - (setuid? (setuid-program-setuid? program)) - (setgid? (setuid-program-setgid? program)) - (user (setuid-program-user program)) - (group (setuid-program-group program)) + (let* ((program-name (privileged-program-program program)) + (setuid? (privileged-program-setuid? program)) + (setgid? (privileged-program-setgid? program)) + (user (privileged-program-user program)) + (group (privileged-program-group program)) (uid (match user ((? string?) (passwd:uid (getpwnam user))) ((? integer?) user))) @@ -339,13 +339,13 @@ (define (activate-setuid-programs programs) (make-privileged-program program-name setuid? setgid? uid gid) (make-deprecated-wrapper program-name))) (lambda args - ;; If we fail to create a setuid program, better keep going + ;; If we fail to create a privileged program, better keep going ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty ;; or half-populated. This can happen if PROGRAMS contains ;; incorrect file names: . (format (current-error-port) - "warning: failed to make ~s setuid/setgid: ~a~%" - (setuid-program-program program) + "warning: failed to privilege ~s: ~a~%" + (privileged-program-program program) (strerror (system-error-errno args)))))) programs)) diff --git a/gnu/services.scm b/gnu/services.scm index eefe58b336..91584e64ca 100644 --- a/gnu/services.scm +++ b/gnu/services.scm 
@@ -882,7 +882,7 @@ (define (setuid-program->activation-gexp programs) #~(begin (use-modules (gnu system setuid)) - (activate-setuid-programs (list #$@programs)))))) + (activate-privileged-programs (list #$@programs)))))) (define setuid-program-service-type (service-type (name 'setuid-program)
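Review bot: In the `@@ -287,8 +287,8 @@` hunk of gnu/build/activation.scm, the new docstring still reads "a list of file privileged-programs records": "file" is left over from the old wording and the record name is singular, so "a list of privileged-program records" matches the naming used in the rest of the series.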
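Review bot: In the `@@ -325,11 +325,11 @@` hunk, `activate-privileged-programs` reads `program`, `setuid?`, `setgid?`, `user` and `group` from each record but never calls `privileged-program-capabilities`, so a record that asks for capabilities only (the field introduced in 05/10) is installed as an ordinary copy with no error and no warning, and the caller has no way to tell that less than what it requested was granted. Until capabilities are actually applied here, rejecting any record with a non-#f `capabilities` (so the failure is loud at activation time) is safer than ignoring the field; the new warning text "failed to privilege ~s" is fine for the existing error path.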
From patchwork Sat Jul 15 23:59:58 2023
X-Patchwork-Submitter: Tobias Geerinckx-Rice
X-Patchwork-Id: 51879
Subject: [bug#61462] [PATCH v2 08/10] services: Rename setuid-program-service-type.
From: Tobias Geerinckx-Rice
To: 61462@debbugs.gnu.org
Date: Sun, 16 Jul 2023 01:59:58 +0200
Message-ID: <18df04c97b0ad915e098a160d19d8f3ecb5e7e2a.1689465600.git.me@tobias.gr>
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr>

* gnu/services.scm (setuid-program->activation-gexp): Rename this…
(privileged-program->activation-gexp): …to this. Operate on a list of records.
(privileged-program-service-type): New variable, renamed from setuid-program-service-type. Rename the service-type accordingly.
(setuid-program-service-type): Redefine as an alias for the above.
---
 gnu/services.scm | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/gnu/services.scm b/gnu/services.scm index 91584e64ca..5cb7f37c06 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -45,6 +45,7 @@ (define-module (gnu services) #:use-module (gnu packages base) #:use-module (gnu packages bash) #:use-module (gnu packages hurd) + #:use-module (gnu system privilege) #:use-module (gnu system setuid) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) @@ -113,7 +114,8 @@ (define-module (gnu services) extra-special-file etc-service-type etc-directory - setuid-program-service-type + privileged-program-service-type + setuid-program-service-type ; deprecated profile-service-type firmware-service-type gc-root-service-type
@@ -860,17 +862,17 @@ (define-deprecated (etc-service files) FILES must be a list of name/file-like object pairs." (service etc-service-type files)) -(define (setuid-program->activation-gexp programs) - "Return an activation gexp for setuid-program from PROGRAMS." +(define (privileged-program->activation-gexp programs) + "Return an activation gexp for privileged-program from PROGRAMS." (let ((programs (map (lambda (program) ;; FIXME This is really ugly, I didn't managed to use ;; "inherit" - (let ((program-name (setuid-program-program program)) - (setuid? (setuid-program-setuid? program)) - (setgid? (setuid-program-setgid? program)) - (user (setuid-program-user program)) - (group (setuid-program-group program)) ) - #~(setuid-program + (let ((program-name (privileged-program-program program)) + (setuid? (privileged-program-setuid? program)) + (setgid? (privileged-program-setgid? program)) + (user (privileged-program-user program)) + (group (privileged-program-group program)) ) + #~(privileged-program (setuid? #$setuid?) (setgid? #$setgid?) (user #$user) @@ -878,17 +880,17 @@ (define (setuid-program->activation-gexp programs) (program #$program-name)))) programs))) (with-imported-modules (source-module-closure - '((gnu system setuid))) + '((gnu system privilege))) #~(begin - (use-modules (gnu system setuid)) + (use-modules (gnu system privilege)) (activate-privileged-programs (list #$@programs)))))) -(define setuid-program-service-type - (service-type (name 'setuid-program) +(define privileged-program-service-type + (service-type (name 'privileged-program) (extensions (list (service-extension activation-service-type - setuid-program->activation-gexp))) + privileged-program->activation-gexp))) (compose concatenate) (extend (lambda (config extensions) (append config extensions))) 
@@ -900,6 +902,10 @@ (define setuid-program-service-type symbolic links to their @file{/run/privileged/bin} counterpart. It will be removed in a future Guix release."))) +(define setuid-program-service-type + ;; Deprecated alias to ease transition. Will be removed! + privileged-program-service-type) + (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." ;; XXX: 'mlet' is needed here for one reason: to get the proper From patchwork Sat Jul 15 23:59:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 51875 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 1C75B27BBEA; Thu, 20 Jul 2023 21:43:53 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 41E4F27BBE2 for ; Thu, 20 Jul 2023 21:43:52 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qMaUO-0007R3-Q2; Thu, 20 Jul 2023 16:43:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qMaUL-0007Px-Uv for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qMaUL-0007Df-N4 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:05 -0400 Received: from Debian-debbugs by 
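Review bot: in the @@ -860 hunk, privileged-program->activation-gexp still takes each record apart field by field (program, setuid?, setgid?, user, group) and rebuilds it inside the gexp, so any field added to the privileged-program record later will be silently dropped at activation time unless this list is updated in step; the FIXME about not getting `inherit` to work is carried over unchanged. A short comment stating that this list must mirror the record definition in (gnu system privilege), or a helper placed next to that definition that turns a record into its gexp, would keep the two from drifting apart, which matters because this gexp is what finally decides which entries under /run/privileged/bin get their bits set.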
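Review bot: in the @@ -900 hunk, setuid-program-service-type is kept alive as a plain define, so configurations still using the old name get no warning before the removal the comment announces. This file already uses define-deprecated (see the (define-deprecated (etc-service files) context in the @@ -860 hunk), so defining the alias through the deprecation machinery in (guix deprecation) would emit a warning at the use site and make the eventual removal far less surprising; the comment could also spell out that, because both names are bound to the same object, modify-services clauses written against setuid-program-service-type keep matching.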
debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qMaUL-0000ZN-In for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:05 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#61462] [PATCH v2 09/10] system: Use privileged-program-service-type by default. Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 20 Jul 2023 20:43:05 +0000 To: 61462@debbugs.gnu.org Date: Sun, 16 Jul 2023 01:59:59 +0200 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To:
<129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via From: Tobias Geerinckx-Rice Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/system.scm (operating-system-default-essential-services) (hurd-default-essential-services): Substitute privileged-program-service-type for setuid-program-service-type. --- gnu/system.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index b68c4d272b..39c10dddcb 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -783,7 +783,7 @@ (define (operating-system-default-essential-services os) (operating-system-environment-variables os)) (service host-name-service-type host-name) procs root-fs - (service setuid-program-service-type + (service privileged-program-service-type (operating-system-setuid-programs os)) (service profile-service-type (operating-system-packages os)) 
@@ -824,7 +824,7 @@ (define (hurd-default-essential-services os) (list `("hosts" ,hosts-file))) (service hosts-service-type (local-host-entries host-name))) - (service setuid-program-service-type + (service privileged-program-service-type (operating-system-setuid-programs os)) (service profile-service-type (operating-system-packages os))))) From patchwork Sun Jul 16 00:00:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 51878 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 4B1B227BBE9; Thu, 20 Jul 2023 21:44:05 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id C4F0D27BBEA for ; Thu, 20 Jul 2023 21:44:01 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qMaUP-0007Rx-4y; Thu, 20 Jul 2023 16:43:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qMaUM-0007QF-Fk for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qMaUM-0007Dm-73 for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:06 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qMaUM-0000ZU-2i for guix-patches@gnu.org; Thu, 20 Jul 2023 16:43:06 -0400 
X-Loop: help-debbugs@gnu.org Subject: [bug#61462] [PATCH v2 10/10] system: Add privileged-programs to . Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 20 Jul 2023 20:43:06 +0000 To: 61462@debbugs.gnu.org Date: Sun, 16 Jul 2023 02:00:00 +0200 Message-ID: <4e0fe1db5ac68e78dcc5221896797fc452bbdde1.1689465600.git.me@tobias.gr> X-Mailer: git-send-email 2.41.0 In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> References:
<129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via From: Tobias Geerinckx-Rice Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/system.scm (): Add new privileged-programs field, that defaults to… (%default-privileged-programs): …this new variable, renamed from… (%setuid-programs): …this, which is now defined as the empty list. * doc/guix.texi (Setuid Programs): Rename this… (Privileged Programs): …to this. Adjust all refs. Update all mentions of ‘setuid’ (whether in prose, variable names, or code samples) to use the new ‘privilege[d]’ terminology instead. (operating-system Reference, X Window, Desktop Services, Invoking guix system, Service Reference): Adjust likewise. --- doc/guix.texi | 89 ++++++++++++++++++++++------------------- gnu/packages/crypto.scm | 2 +- gnu/services.scm | 1 - gnu/system.scm | 21 ++++++++-- 4 files changed, 65 insertions(+), 48 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 9426c72e1e..0be8a2f4b5 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -362,7 +362,7 @@ Top * Keyboard Layout:: How the system interprets key strokes. * Locales:: Language and cultural convention settings. * Services:: Specifying system services. -* Setuid Programs:: Programs running with elevated privileges. +* Privileged Programs:: Programs running with elevated privileges. * X.509 Certificates:: Authenticating HTTPS servers. * Name Service Switch:: Configuring libc's name service switch. * Initial RAM Disk:: Linux-Libre bootstrapping. @@ -16712,7 +16712,7 @@ System Configuration * Keyboard Layout:: How the system interprets key strokes. * Locales:: Language and cultural convention settings. * Services:: Specifying system services. -* Setuid Programs:: Programs running with elevated privileges. +* Privileged Programs:: Programs running with elevated privileges. * X.509 Certificates:: Authenticating HTTPS servers. * Name Service Switch:: Configuring libc's name service switch. * Initial RAM Disk:: Linux-Libre bootstrapping. @@ -17159,9 +17159,9 @@ operating-system Reference Linux @dfn{pluggable authentication module} (PAM) services. @c FIXME: Add xref to PAM services section. -@item @code{setuid-programs} (default: @code{%setuid-programs}) -List of @code{}. @xref{Setuid Programs}, for more -information. +@item @code{privileged-programs} (default: @code{%default-privileged-programs}) +List of @code{}. @xref{Privileged Programs}, for +more information. @item @code{sudoers-file} (default: @code{%sudoers-specification}) @cindex sudoers file 
@@ -22760,10 +22760,10 @@ X Window @defvar screen-locker-service-type Type for a service that adds a package for a screen locker or screen -saver to the set of setuid programs and/or add a PAM entry for it. The +saver to the set of privileged programs and/or add a PAM entry for it. The value for this service is a @code{} object. -While the default behavior is to setup both a setuid program and PAM +While the default behavior is to setup both a privileged program and PAM entry, these two methods are redundant. Screen locker programs may not execute when PAM is configured and @code{setuid} is set on their executable. In this case, @code{using-setuid?} can be set to @code{#f}. @@ -23689,9 +23689,9 @@ Desktop Services system interfaces. Additionally, adding a service of type @code{mate-desktop-service-type} adds the MATE metapackage to the system profile. ``Adding Enlightenment'' means that @code{dbus} is extended -appropriately, and several of Enlightenment's binaries are set as setuid, -allowing Enlightenment's screen locker and other functionality to work as -expected. +appropriately, and several of Enlightenment's binaries are set as privileged +programs, allowing Enlightenment's screen locker and other functionality to +work as expected. The desktop environments in Guix use the Xorg display server by default. If you'd like to use the newer display server protocol @@ -26727,7 +26727,7 @@ Mail Services Make the following commands setgid to @code{smtpq} so they can be executed: @command{smtpctl}, @command{sendmail}, @command{send-mail}, @command{makemap}, @command{mailq}, and @command{newaliases}. -@xref{Setuid Programs}, for more information on setgid programs. +@xref{Privileged Programs}, for more information on setgid programs. @end table @end deftp 
@@ -38868,8 +38868,8 @@ Miscellaneous Services service is the Singularity package to use. The service does not install a daemon; instead, it installs helper programs as -setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke -@command{singularity run} and similar commands. +setuid-root (@pxref{Privileged Programs}) such that unprivileged users can +invoke @command{singularity run} and similar commands. @end defvar @cindex Audit @@ -39300,11 +39300,14 @@ Miscellaneous Services @c End of auto-generated fail2ban documentation. -@node Setuid Programs -@section Setuid Programs +@node Privileged Programs +@section Privileged Programs +@cindex privileged programs @cindex setuid programs @cindex setgid programs +@cindex capabilities, POSIX +@cindex setcap Some programs need to run with elevated privileges, even when they are launched by unprivileged users. A notorious example is the @command{passwd} program, which users can run to change their 
@@ -39315,46 +39318,48 @@ Setuid Programs (@pxref{How Change Persona,,, libc, The GNU C Library Reference Manual}, for more info about the setuid mechanism). -The store itself @emph{cannot} contain setuid programs: that would be a -security issue since any user on the system can write derivations that +The store itself @emph{cannot} contain privileged programs: that would be +a security issue since any user on the system can write derivations that populate the store (@pxref{The Store}). Thus, a different mechanism is -used: instead of changing the setuid or setgid bits directly on files that -are in the store, we let the system administrator @emph{declare} which +used: instead of directly granting permissions to files that are in +the store, we let the system administrator @emph{declare} which programs should be entrusted with these additional privileges. -The @code{setuid-programs} field of an @code{operating-system} -declaration contains a list of @code{} denoting the +The @code{privileged-programs} field of an @code{operating-system} +declaration contains a list of @code{} denoting the names of programs to have a setuid or setgid bit set (@pxref{Using the Configuration System}). For instance, the @command{mount.nfs} program, which is part of the nfs-utils package, with a setuid root can be designated like this: @lisp -(setuid-program - (program (file-append nfs-utils "/sbin/mount.nfs"))) +(privileged-program + (program (file-append nfs-utils "/sbin/mount.nfs")) + (setuid? #t)) @end lisp And then, to make @command{mount.nfs} setuid on your system, add the previous example to your operating system declaration by appending it to -@code{%setuid-programs} like this: +@code{%default-privileged-programs} like this: @lisp (operating-system ;; Some fields omitted... 
- (setuid-programs - (append (list (setuid-program - (program (file-append nfs-utils "/sbin/mount.nfs")))) - %setuid-programs))) + (privileged-programs + (append (list (privileged-program + (program (file-append nfs-utils "/sbin/mount.nfs")) + (setuid? #t)) + %default-privileged-programs))) @end lisp -@deftp {Data Type} setuid-program -This data type represents a program with a setuid or setgid bit set. +@deftp {Data Type} privileged-program +This data type represents a program with special privileges, such as setuid @table @asis @item @code{program} -A file-like object having its setuid and/or setgid bit set. +A file-like object to which all given privileges should apply. -@item @code{setuid?} (default: @code{#t}) +@item @code{setuid?} (default: @code{#f}) Whether to set user setuid bit. @item @code{setgid?} (default: @code{#f}) @@ -39371,18 +39376,18 @@ Setuid Programs @end table @end deftp -A default set of setuid programs is defined by the -@code{%setuid-programs} variable of the @code{(gnu system)} module. +A default set of privileged programs is defined by the +@code{%default-privileged-programs} variable of the @code{(gnu system)} module. -@defvar %setuid-programs -A list of @code{} denoting common programs that are -setuid-root. +@defvar {Scheme Variable} %default-privileged-programs +A list of @code{} denoting common programs with +elevated privileges. The list includes commands such as @command{passwd}, @command{ping}, @command{su}, and @command{sudo}. @end defvar -Under the hood, the actual setuid programs are created in the +Under the hood, the actual privileged programs are created in the @file{/run/privileged/bin} directory at system activation time. The files in this directory refer to the ``real'' binaries, which are in the store. 
@@ -40276,7 +40281,7 @@ Invoking guix system @end quotation This effects all the configuration specified in @var{file}: user -accounts, system services, global package list, setuid programs, etc. +accounts, system services, global package list, privileged programs, etc. The command starts system services specified in @var{file} that are not currently running; if a service is currently running this command will arrange for it to be upgraded the next time it is stopped (e.g.@: by @@ -41649,10 +41654,10 @@ Service Reference pointing to the given file. @end defvar -@defvar setuid-program-service-type -Type for the ``setuid-program service''. This service collects lists of +@defvar privileged-program-service-type +Type for the ``privileged-program service''. This service collects lists of executable file names, passed as gexps, and adds them to the set of -setuid and setgid programs on the system (@pxref{Setuid Programs}). +privileged programs on the system (@pxref{Privileged Programs}). @end defvar @defvar profile-service-type diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 91acedbc97..5c711e0cc6 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -501,7 +501,7 @@ (define-public tomb `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) ;; The "sudo" input is needed only to satisfy dependency checks in the ;; 'check' phase. The "sudo" used at runtime should come from the - ;; system's setuid-programs, so ensure no reference is kept. + ;; system's privileged-programs, so ensure no reference is kept. #:disallowed-references (,sudo) ;; TODO: Build and install gtk and qt trays #:phases diff --git a/gnu/services.scm b/gnu/services.scm index 5cb7f37c06..a96d42099f 100644 --- a/gnu/services.scm +++ b/gnu/services.scm 
@@ -46,7 +46,6 @@ (define-module (gnu services) #:use-module (gnu packages bash) #:use-module (gnu packages hurd) #:use-module (gnu system privilege) - #:use-module (gnu system setuid) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-9 gnu) diff --git a/gnu/system.scm b/gnu/system.scm index 39c10dddcb..572a0c19df 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -75,6 +75,7 @@ (define-module (gnu system) #:use-module (gnu system locale) #:use-module (gnu system pam) #:use-module (gnu system linux-initrd) + #:use-module (gnu system privilege) #:use-module (gnu system setuid) #:use-module (gnu system uuid) #:use-module (gnu system file-systems) @@ -128,6 +129,7 @@ (define-module (gnu system) operating-system-keyboard-layout operating-system-name-service-switch operating-system-pam-services + operating-system-privileged-programs operating-system-setuid-programs operating-system-skeletons operating-system-sudoers-file @@ -172,6 +174,7 @@ (define-module (gnu system) local-host-aliases ;deprecated %root-account + %default-privileged-programs %setuid-programs %sudoers-specification %base-packages @@ -295,7 +298,10 @@ (define-record-type* operating-system (pam-services operating-system-pam-services ; list of PAM services (default (base-pam-services))) + (privileged-programs operating-system-privileged-programs ; list of + (default %default-privileged-programs)) (setuid-programs operating-system-setuid-programs + ;; For backwards compatibility; will be removed. (default %setuid-programs)) ; list of (sudoers-file operating-system-sudoers-file ; file-like @@ -784,7 +790,8 @@ (define (operating-system-default-essential-services os) (service host-name-service-type host-name) procs root-fs (service privileged-program-service-type - (operating-system-setuid-programs os)) + (append (operating-system-privileged-programs os) + (operating-system-setuid-programs os))) (service profile-service-type (operating-system-packages os)) boot-fs non-boot-fs 
@@ -825,7 +832,8 @@ (define (hurd-default-essential-services os) (service hosts-service-type (local-host-entries host-name))) (service privileged-program-service-type - (operating-system-setuid-programs os)) + (append (operating-system-privileged-programs os) + (operating-system-setuid-programs os))) (service profile-service-type (operating-system-packages os))))) (define* (operating-system-services os) @@ -1202,8 +1210,7 @@ (define (operating-system-environment-variables os) ;; when /etc/machine-id is missing. Make sure these warnings are non-fatal. ("DBUS_FATAL_WARNINGS" . "0"))) -(define %setuid-programs - ;; Default set of setuid-root programs. +(define %default-privileged-programs (let ((shadow (@ (gnu packages admin) shadow))) (map file-like->setuid-program (list (file-append shadow "/bin/passwd") @@ -1225,6 +1232,12 @@ (define %setuid-programs (file-append util-linux "/bin/mount") (file-append util-linux "/bin/umount"))))) +(define %setuid-programs + ;; Do not add to this list or use it in new code! It's defined only to ease + ;; transition to %default-privileged-programs and will be removed. Some rare + ;; use cases already break, such as the obvious (remove … %setuid-programs). + '()) + (define %sudoers-specification ;; Default /etc/sudoers contents: 'root' and all members of the 'wheel' ;; group can do anything. See
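Review bot: in the doc/guix.texi @@ -39315 hunk the default of setuid? flips from #t to #f, so a (privileged-program (program ...)) written without (setuid? #t) grants nothing at all. That is the safe direction, and both examples in the hunk add the flag, but the surrounding prose still describes the field as listing "names of programs to have a setuid or setgid bit set", and the new @cindex setcap and @cindex capabilities, POSIX entries point at a mechanism that no sentence in this section describes yet. Suggest one sentence saying that a privileged-program grants only the privileges explicitly switched on, and that a record with nothing switched on is inert (which is how a mechanical setuid-program to privileged-program rename will behave), and either documenting the capability option or holding the index entries back until it exists.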
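Review bot: in the @@ -39371 hunk, @defvar {Scheme Variable} %default-privileged-programs mixes the @defvr category syntax into @defvar, which takes only the name; the rest of this patch uses the bare form (@defvar privileged-program-service-type in the Service Reference hunk, @defvar screen-locker-service-type in the X Window context), and the line being replaced was @defvar %setuid-programs, so this should read @defvar %default-privileged-programs. In the same region the @deftp description "This data type represents a program with special privileges, such as setuid" has lost its final period.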
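Review bot: in the gnu/system.scm @@ -295 and @@ -784 hunks, setuid-programs is kept as a field and appended to privileged-programs, but the operating-system Reference hunk (@@ -17159) deletes its manual entry instead of marking it deprecated, so a user with an existing configuration cannot learn from the manual what the field does now: entries in it are still honoured, while the default set is supplied by privileged-programs, so an existing (setuid-programs (remove ... %setuid-programs)) silently gets the defaults back (the comment on %setuid-programs in the @@ -1225 hunk acknowledges this case). Suggest keeping an @item @code{setuid-programs} entry that says exactly this and points at privileged-programs, and emitting a deprecation warning from operating-system-default-essential-services when the field is non-empty, so that the silent re-granting of privileges is at least visible at reconfigure time.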
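Review bot: in the @@ -1202 hunk, %default-privileged-programs is still built with file-like->setuid-program from (gnu system setuid), the module this series is retiring, and the records it yields are read by the privileged-program-* accessors in privileged-program->activation-gexp, which only works if setuid-program and privileged-program are the same record type; please confirm that, or build the list from privileged-program constructors with (setuid? #t), matching the mount.nfs example in the manual, which drops the old module dependency and makes the granted privilege explicit per entry. The removed ";; Default set of setuid-root programs." comment also deserves a replacement describing what the list holds.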