X-Loop: help-debbugs@HIDDEN
Subject: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
Resent-From: =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sat, 17 Sep 2022 12:24:02 +0000
Resent-Message-ID: <handler.57881.B.166341743613921 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 57881
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 57881 <at> debbugs.gnu.org
X-Debbugs-Original-To: guix-patches <guix-patches@HIDDEN>
Received: via spool by submit <at> debbugs.gnu.org id=B.166341743613921
(code B ref -1); Sat, 17 Sep 2022 12:24:02 +0000
Received: (at submit) by debbugs.gnu.org; 17 Sep 2022 12:23:56 +0000
Received: from localhost ([127.0.0.1]:45323 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oZWrU-0003cT-2j
for submit <at> debbugs.gnu.org; Sat, 17 Sep 2022 08:23:56 -0400
Received: from lists.gnu.org ([209.51.188.17]:53780)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <luhux76@HIDDEN>) id 1oZWrP-0003cI-79
for submit <at> debbugs.gnu.org; Sat, 17 Sep 2022 08:23:54 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:33306)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <luhux76@HIDDEN>) id 1oZWrO-0001DB-TO
for guix-patches@HIDDEN; Sat, 17 Sep 2022 08:23:50 -0400
Received: from mail-yb1-xb42.google.com ([2607:f8b0:4864:20::b42]:38531)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <luhux76@HIDDEN>) id 1oZWrM-0007UO-OV
for guix-patches@HIDDEN; Sat, 17 Sep 2022 08:23:50 -0400
Received: by mail-yb1-xb42.google.com with SMTP id c9so36234591ybf.5
for <guix-patches@HIDDEN>; Sat, 17 Sep 2022 05:23:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date; bh=SldnTfcmrpVfetWewvg3iqt5873A17Hjj/UA2MtTwLs=;
b=K6ocV0k5iAmfUXzdHINrc/EhZL84lnqlSM/ULbw21uPrv6YMQ3t/f5Nx7S5sTpNZNI
1Ztsx/leAd3EjE0dhrmLN16N3mwWYrTZ4fFmuQamvSLV7FZH4uUk7mKUvvnOvf5eT6ea
9jw6o+HQug7hYu7G0WGSkCGLl9WVU8rPNgKEaOF0Y+4lepNwVN6MUgG9qJQkI+VS0tgw
zbLY7t7ZQiQKJPCN1JYEt/dp1p5zbqRy7a583pxWnn2DRGCBAz8MmXNMTeWFbeZ7dkSQ
LwccSEvKmP2tYzfeRTfRrRXwLO8iXKslMyHsiPnwxcALKGwDVlMhbDkH6IEVWvJBXc98
7JUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date;
bh=SldnTfcmrpVfetWewvg3iqt5873A17Hjj/UA2MtTwLs=;
b=AUOBgmE1zYCzpy7XNwm/gWnEDMA7PCF12y1E8Ihw0wvj/qR82o8eHXCi4HEQ4md5oO
YG9Bx+w7UNCYoZ/YSyiaEKawbNgYWeh+3msTl3TCw3rDWh8rk/0NRP7XcKJ2CbwcCHQk
j6Egr/Sq+Yci/a8RchGMiNSwoBoZymGQCdEKz+ymmcSqbo5z+++VpcfCWzvPB1NsA/iD
raHdboWpzmvKy66tSuPdKmXh2It3lByVvUckdRzLames4torDXEDCR6pntYWpvD8TxFr
NEF6fIgyQB7yyPIkTLen3Eq8OfLx6gN0x1GJTmyG4eg0cjBauC1RSq2dMYX2zDuBvE+e
04tg==
X-Gm-Message-State: ACrzQf1iNo778R9F2pM0k3D/oFr3yQtu+QlPss5ejuek8FRQR8IDMi/U
4iMTAWjQamCWpnLyZLctoCz5Bl0mmartkXZmaTdU2Xu7EogQTgrO
X-Google-Smtp-Source: AMsMyM7nnq/G+RbAh4LgwV5XBbFnjUbL+MScEH5beSoDLkz116nciU97Byv3S4g57jlXSUQVhGZ9gnDsHxgMsMUEXns=
X-Received: by 2002:a25:5c3:0:b0:6a9:90fb:c9e6 with SMTP id
186-20020a2505c3000000b006a990fbc9e6mr8120284ybf.152.1663417427642; Sat, 17
Sep 2022 05:23:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a0d:d0c6:0:0:0:0:0 with HTTP; Sat, 17 Sep 2022 05:23:45
-0700 (PDT)
From: =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN>
Date: Sat, 17 Sep 2022 12:23:45 +0000
Message-ID: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN>
Content-Type: multipart/mixed; boundary="000000000000e3625005e8de8cf0"
Received-SPF: pass client-ip=2607:f8b0:4864:20::b42;
envelope-from=luhux76@HIDDEN; helo=mail-yb1-xb42.google.com
X-Spam_score_int: -17
X-Spam_score: -1.8
X-Spam_bar: -
X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.1 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.1 (--)
--000000000000e3625005e8de8cf0
Content-Type: text/plain; charset="UTF-8"
hikari-unlocker need setuid and pam to work.
if hikari exec a non-setuid hikari-unlocker, such as
"$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's
lock-mode can't exit, only can press power button to exit it. :(
https://hikari.acmelabs.space/manpage.html
https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71
--000000000000e3625005e8de8cf0
Content-Type: text/x-patch; charset="UTF-8";
name="0001-gnu-hikari-only-allow-use-setuid-hikari-unlocker.patch"
Content-Disposition: attachment;
filename="0001-gnu-hikari-only-allow-use-setuid-hikari-unlocker.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: file0
RnJvbSBkMWJlZGJjM2M4NTBjZjBhNjBiMTgyOTk5YzIyOTA3OWJhZDljZDk5IE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBMdSBIdWkgPGx1aHV4NzZAZ21haWwuY29tPgpEYXRlOiBTYXQs
IDE3IFNlcCAyMDIyIDIwOjEwOjM0ICswODAwClN1YmplY3Q6IFtQQVRDSF0gZ251OiBoaWthcmk6
IG9ubHkgYWxsb3cgdXNlIHNldHVpZCBoaWthcmktdW5sb2NrZXIuCgoqIGdudS9wYWNrYWdlcy93
bS5zY20gKGhpa2FyaSkKW3BoYXNlc117Zm9yY2UtdXNlLXNldHVpZC11bmxvY2tlcn06IHJlcGxh
Y2UgInNoIC1jIGhpa2FyaS11bmxvY2tlciIgdG8KIi9ydW4vc2V0dWlkLXByb2dyYW1zL2hpa2Fy
aS11bmxvY2tlciIKLS0tCiBnbnUvcGFja2FnZXMvd20uc2NtIHwgMTIgKysrKysrKysrKystCiAx
IGZpbGUgY2hhbmdlZCwgMTEgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdp
dCBhL2dudS9wYWNrYWdlcy93bS5zY20gYi9nbnUvcGFja2FnZXMvd20uc2NtCmluZGV4IGYzMjkw
MjBlYjQuLmQwNTg2ZWZiNjMgMTAwNjQ0Ci0tLSBhL2dudS9wYWNrYWdlcy93bS5zY20KKysrIGIv
Z251L3BhY2thZ2VzL3dtLnNjbQpAQCAtNTcsNiArNTcsNyBAQAogOzs7IENvcHlyaWdodCDCqSAy
MDIyIG11cmFkbSA8bWFpbEBtdXJhZG0ubmV0PgogOzs7IENvcHlyaWdodCDCqSAyMDIyIEVsYWlz
IFBsYXllciA8ZWxhaXNAZmFzdG1haWwuY29tPgogOzs7IENvcHlyaWdodCDCqSAyMDIyIFRyZXZv
ciBSaWNoYXJkcyA8dHJldkB0cmV2ZGV2LmNhPgorOzs7IENvcHlyaWdodCDCqSAyMDIyIEx1SHVp
IDxsdWh1eDc2QGdtYWlsLmNvbT4KIDs7OwogOzs7IFRoaXMgZmlsZSBpcyBwYXJ0IG9mIEdOVSBH
dWl4LgogOzs7CkBAIC0yNjMyLDYgKzI2MzMsMTEgQEAgKGRlZmluZS1wdWJsaWMgaGlrYXJpCiAg
ICAgICAgICJXSVRIX1ZJUlRVQUxfSU5QVVQ9WUVTIikKICAgICAgICAjOnBoYXNlcwogICAgICAg
IChtb2RpZnktcGhhc2VzICVzdGFuZGFyZC1waGFzZXMKKyAgICAgICAgIChhZGQtYWZ0ZXIgJ3Vu
cGFjayAnZm9yY2UtdXNlLXNldHVpZC11bmxvY2tlcgorICAgICAgICAgICAobGFtYmRhIF8KKyAg
ICAgICAgICAgICAoc3Vic3RpdHV0ZSogInNyYy9sb2NrX21vZGUuYyIKKyAgICAgICAgICAgICAg
ICgoIlwiL2Jpbi9zaFwiLCBcIi9iaW4vc2hcIiwgXCItY1wiLCBcImhpa2FyaS11bmxvY2tlclwi
IikKKyAgICAgICAgICAgICAgICAiXCIvcnVuL3NldHVpZC1wcm9ncmFtcy9oaWthcmktdW5sb2Nr
ZXJcIiIpKSkpCiAgICAgICAgICAoZGVsZXRlICdjb25maWd1cmUpCiAgICAgICAgICAocmVwbGFj
ZSAnYnVpbGQKICAgICAgICAgICAgKGxhbWJkYSogKCM6a2V5IGlucHV0cyBvdXRwdXRzIG1ha2Ut
ZmxhZ3MgIzphbGxvdy1vdGhlci1rZXlzKQpAQCAtMjY0Myw3ICsyNjQ5LDExIEBAIChkZWZpbmUt
cHVibGljIGhpa2FyaQogICAgIChzeW5vcHNpcyAiU3RhY2tpbmcgV2F5bGFuZCBjb21wb3NpdG9y
IHdpdGggdGlsaW5nIGNhcGFiaWxpdGllcyIpCiAgICAgKGRlc2NyaXB0aW9uCiAgICAgICJIaWth
cmkgaXMgYSBzdGFja2luZyBXYXlsYW5kIGNvbXBvc2l0b3Igd2l0aCBhZGRpdGlvbmFsIHRpbGlu
ZwotY2FwYWJpbGl0aWVzLiAgSXQgaXMgaGVhdmlseSBpbnNwaXJlZCBieSB0aGUgQ2FsbSBXaW5k
b3cgbWFuYWdlcihjd20pLiIpCitjYXBhYmlsaXRpZXMuICBJdCBpcyBoZWF2aWx5IGluc3BpcmVk
IGJ5IHRoZSBDYWxtIFdpbmRvdyBtYW5hZ2VyKGN3bSkuCisKK1lvdSBuZWVkIGFkZCBmb2xsb3dp
bmcgbGluZSB0byB5b3VyIHN5c3RlbSBjb25maWd1cmF0aW9uIHRvIG1ha2UgdW5sb2NrZXIgd29y
a2luZzoKKworICAgIChzY3JlZW4tbG9ja2VyLXNlcnZpY2UtdHlwZSBoaWthcmkgXCJoaWthcmkt
dW5sb2NrZXJcIikiKQogICAgIChsaWNlbnNlIGxpY2Vuc2U6YnNkLTIpKSkKIAogKGRlZmluZS1w
dWJsaWMgZGV2b3VyCi0tIAoyLjM3LjMKCg==
--000000000000e3625005e8de8cf0--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN> Subject: bug#57881: Acknowledgement ([PATCH] gnu: hikari: only allow use setuid hikari-unlocker.) Message-ID: <handler.57881.B.166341743613921.ack <at> debbugs.gnu.org> References: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN> X-Gnu-PR-Message: ack 57881 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 57881 <at> debbugs.gnu.org Date: Sat, 17 Sep 2022 12:24:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): guix-patches@HIDDEN If you wish to submit further information on this problem, please send it to 57881 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 57881: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D57881 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
Resent-From: Josselin Poiret <dev@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 18 Sep 2022 20:06:02 +0000
Resent-Message-ID: <handler.57881.B57881.16635315159897 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 57881
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN>, 57881 <at> debbugs.gnu.org
Received: via spool by 57881-submit <at> debbugs.gnu.org id=B57881.16635315159897
(code B ref 57881); Sun, 18 Sep 2022 20:06:02 +0000
Received: (at 57881) by debbugs.gnu.org; 18 Sep 2022 20:05:15 +0000
Received: from localhost ([127.0.0.1]:51370 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oa0XT-0002ZY-1Q
for submit <at> debbugs.gnu.org; Sun, 18 Sep 2022 16:05:15 -0400
Received: from jpoiret.xyz ([206.189.101.64]:35856)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <dev@HIDDEN>) id 1oa0XN-0002ZG-5r
for 57881 <at> debbugs.gnu.org; Sun, 18 Sep 2022 16:05:12 -0400
Received: from authenticated-user (jpoiret.xyz [206.189.101.64])
by jpoiret.xyz (Postfix) with ESMTPA id 78A86184D5F;
Sun, 18 Sep 2022 20:05:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim;
t=1663531507;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=MoQaFEmjzb5Zbyhj0Mm6KLSBVHDstIiBouv7659gLjU=;
b=ewOUMfT7RyY7kQSMnsOq4tIyyDySfCjPScqqIDrnV6zlWTDyrx6DzcMJzykN9A0gBbrCpb
mCR9spXE5bzon4601SMIQ7bNr9EHn/8hP+PGh8ib0tGoU34vlOmhDpX3S4i0fR6UiBO9on
pOE12nuln3q2JePuSXcyJGZCooG3XGydE6SHXqReMrSqcUCOkkgLLWxKc9Ft/TILjS/Q6B
YTZu2sSyY8U8jXGssOL6agcy5wXYJGYF/T5RM5zwrjN4mlqmEmakekPtA9XW2MFBsU2V7b
bEDpnaBT+smcazxk21C9Iv6HLfuD0T0gwcirOq6+IKftA+n4hEYstemmT45LIQ==
From: Josselin Poiret <dev@HIDDEN>
In-Reply-To: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN>
References: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN>
Date: Sun, 18 Sep 2022 22:05:04 +0200
Message-ID: <87illk8n4f.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Authentication-Results: jpoiret.xyz;
auth=pass smtp.auth=jpoiret@HIDDEN smtp.mailfrom=dev@HIDDEN
X-Spamd-Bar: /
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN> writes: > hikari-unlocker need
setuid and pam to work. > > if hikari exec a non-setuid hikari-unlocker,
such as > "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's
> lock-mode can't exit, only [...]
Content analysis details: (2.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: jpoiret.xyz (xyz)]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 FROM_SUSPICIOUS_NTLD From abused NTLD
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN> writes: > hikari-unlocker need
setuid and pam to work. > > if hikari exec a non-setuid hikari-unlocker,
such as > "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's
> lock-mode can't exit, only [...]
Content analysis details: (2.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: jpoiret.xyz (xyz)]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.0 BULK_RE_SUSP_NTLD Precedence bulk and RE: from a suspicious TLD
0.0 FROM_SUSPICIOUS_NTLD From abused NTLD
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
Hi,
=E8=B7=AF=E8=BE=89 <luhux76@HIDDEN> writes:
> hikari-unlocker need setuid and pam to work.
>
> if hikari exec a non-setuid hikari-unlocker, such as
> "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's
> lock-mode can't exit, only can press power button to exit it. :(
>
> https://hikari.acmelabs.space/manpage.html
>
> https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71
> From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001
> From: Lu Hui <luhux76@HIDDEN>
> Date: Sat, 17 Sep 2022 20:10:34 +0800
> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
>
> * gnu/packages/wm.scm (hikari)
> [phases]{force-use-setuid-unlocker}: replace "sh -c hikari-unlocker" to
> "/run/setuid-programs/hikari-unlocker"
On Guix system, /run/setuid-programs/ should be in front of whatever
profiles you're using in your PATH, otherwise it will be shadowed by
them. With the default profile loading code in /etc/profile, this
should be what happens but there might be issues with any non-default
setup (ie. package not installed in the ~/.guix-profile/).
To be honest, I'm not happy with hardcoding
/run/setuid-programs/hikari-unlocker, since it won't work on foreign
distros.
Shouldn't we rather report this issue upstream? I'm under the
impression that the locker should detect that it isn't running suid and
not try to query PAM if it isn't able to, and instead fail and display
an error message or something similar.
Best,
--=20
Josselin Poiret
X-Loop: help-debbugs@HIDDEN
Subject: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
Resent-From: =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 23 Sep 2022 02:31:02 +0000
Resent-Message-ID: <handler.57881.B57881.16639002554843 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 57881
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Josselin Poiret <dev@HIDDEN>
Cc: 57881 <at> debbugs.gnu.org
Received: via spool by 57881-submit <at> debbugs.gnu.org id=B57881.16639002554843
(code B ref 57881); Fri, 23 Sep 2022 02:31:02 +0000
Received: (at 57881) by debbugs.gnu.org; 23 Sep 2022 02:30:55 +0000
Received: from localhost ([127.0.0.1]:38881 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1obYSs-0001G3-UH
for submit <at> debbugs.gnu.org; Thu, 22 Sep 2022 22:30:55 -0400
Received: from mail-yw1-f195.google.com ([209.85.128.195]:38586)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <luhux76@HIDDEN>) id 1obYSr-0001Fq-1G
for 57881 <at> debbugs.gnu.org; Thu, 22 Sep 2022 22:30:53 -0400
Received: by mail-yw1-f195.google.com with SMTP id
00721157ae682-3321c2a8d4cso118571877b3.5
for <57881 <at> debbugs.gnu.org>; Thu, 22 Sep 2022 19:30:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=content-transfer-encoding:cc:to:subject:message-id:date:from
:references:in-reply-to:mime-version:from:to:cc:subject:date;
bh=lz4oTlrXWbyMnfhTEmYz+BYUKu+fNnHXZyKeZdtelAI=;
b=F4KEQ7I/jAgNElDsSSo0e+O7XR053Dpvbk5TmQS6F+PRUnCKuedZ+wPHYC8LFCpWcv
JjblNcg8P0mc+94l8HMRD2mhfVGq5R6eLVaN1cVnWxx9zccJR+UM4yUlNo944VBdyi7z
Np4LyfneQI4r0mf0F6kQhyHEyRvWUuLQ8fam4hE31QyWEuPsJLT9aQTg7f4Jro6Id1Eb
wWnWGL8RjGFwY8U/Bk2BMWSHQ343nLCuOfSYw/LiN1r2IAfrQpewGWjTe7CVnHyg3ukH
d1zfWnORQLPxtUkX3SrAp3M5TF/hlh5ijGRrJDMTYoeqkZtgUq1i80ZDOpmKtLxe/foW
6G3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=content-transfer-encoding:cc:to:subject:message-id:date:from
:references:in-reply-to:mime-version:x-gm-message-state:from:to:cc
:subject:date;
bh=lz4oTlrXWbyMnfhTEmYz+BYUKu+fNnHXZyKeZdtelAI=;
b=Y5M+NkNCYcslknWtZe+nAkfXt594Gd7CM3v5xz9ROtQ6pCThXxRsx26zcVmua5d93Z
6XJCvUTSLpJ2UCQ470rETSGAfQu0+EMtGXuhzvHsRNxV7wlDodc1kF2v4sEp/hc0MXtl
EylnTpl35buZqeQQUaxCPY+JqfukVzRGNJuEfRGqev6srTWRRugw2ACGQaEUoEOx2I37
CyujZJzxKvMP72BMsF9eKuv6PEFNbK+iiw9bBck8eACPwjZcPDJMnCiev/nNSH9+NBz2
8FqRpaYLVG3AHEriqmnXAW5SOdgomLaFwAPDTXBFW2LNr5UFEoxZMTb2yjbkrGUY1mK8
CQfw==
X-Gm-Message-State: ACrzQf0l357yPkfcXepTR/9IBRNrxyWAFEg5AhgItH4v6oT8TvuFbnLC
H9fr5mnjU9IO1hVI9lhly9bj/lnWpz2y2RdnvaI=
X-Google-Smtp-Source: AMsMyM6OftcRiIzKfBoQa+Vl83hH8+kuWE8K8PF8BddZYQA+kFA1JWVHyhsoREAKXYx78BtDD3+uR2iyEbFoBD3THb0=
X-Received: by 2002:a81:6ed7:0:b0:34a:78e:bc58 with SMTP id
j206-20020a816ed7000000b0034a078ebc58mr6399521ywc.143.1663900247406; Thu, 22
Sep 2022 19:30:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a81:dd11:0:0:0:0:0 with HTTP; Thu, 22 Sep 2022 19:30:47
-0700 (PDT)
In-Reply-To: <87illk8n4f.fsf@HIDDEN>
References: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN>
<87illk8n4f.fsf@HIDDEN>
From: =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= <luhux76@HIDDEN>
Date: Fri, 23 Sep 2022 02:30:47 +0000
Message-ID: <CAGNyvegPadnAu0nCixrXwtygj7snTRyiqh=BBS--rTRtgB0DQw@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 2.2 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: ok, I will take some time to fix it. 2022-09-18 20:05 GMT,
Josselin Poiret : > Hi, > > =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= writes: > >> hikari-unlocker need setuid
and pam to work. >> >> if hikari exec a non-setuid hikari-unlocker, such
as >> "$HOME/.guix-profile [...]
Content analysis details: (2.2 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: jpoiret.xyz (xyz)]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit (luhux76[at]gmail.com)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (luhux76[at]gmail.com)
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.195 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[209.85.128.195 listed in list.dnswl.org]
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.2 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: ok, I will take some time to fix it. 2022-09-18 20:05 GMT,
Josselin Poiret : > Hi, > > =?UTF-8?Q?=E8=B7=AF=E8=BE=89?= writes: > >> hikari-unlocker need setuid
and pam to work. >> >> if hikari exec a non-setuid hikari-unlocker, such
as >> "$HOME/.guix-profile [...]
Content analysis details: (1.2 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.195 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[209.85.128.195 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: jpoiret.xyz (xyz)]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit (luhux76[at]gmail.com)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (luhux76[at]gmail.com)
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
ok, I will take some time to fix it.
2022-09-18 20:05 GMT, Josselin Poiret <dev@HIDDEN>:
> Hi,
>
> =E8=B7=AF=E8=BE=89 <luhux76@HIDDEN> writes:
>
>> hikari-unlocker need setuid and pam to work.
>>
>> if hikari exec a non-setuid hikari-unlocker, such as
>> "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's
>> lock-mode can't exit, only can press power button to exit it. :(
>>
>> https://hikari.acmelabs.space/manpage.html
>>
>> https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71
>> From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001
>> From: Lu Hui <luhux76@HIDDEN>
>> Date: Sat, 17 Sep 2022 20:10:34 +0800
>> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
>>
>> * gnu/packages/wm.scm (hikari)
>> [phases]{force-use-setuid-unlocker}: replace "sh -c hikari-unlocker" to
>> "/run/setuid-programs/hikari-unlocker"
>
> On Guix system, /run/setuid-programs/ should be in front of whatever
> profiles you're using in your PATH, otherwise it will be shadowed by
> them. With the default profile loading code in /etc/profile, this
> should be what happens but there might be issues with any non-default
> setup (ie. package not installed in the ~/.guix-profile/).
>
> To be honest, I'm not happy with hardcoding
> /run/setuid-programs/hikari-unlocker, since it won't work on foreign
> distros.
>
> Shouldn't we rather report this issue upstream? I'm under the
> impression that the locker should detect that it isn't running suid and
> not try to query PAM if it isn't able to, and instead fail and display
> an error message or something similar.
>
> Best,
> --
> Josselin Poiret
>
Received: (at control) by debbugs.gnu.org; 6 Oct 2022 13:58:29 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Oct 06 09:58:29 2022 Received: from localhost ([127.0.0.1]:32974 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ogROP-0002Ba-GN for submit <at> debbugs.gnu.org; Thu, 06 Oct 2022 09:58:29 -0400 Received: from mira.cbaines.net ([212.71.252.8]:41504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mail@HIDDEN>) id 1ogRON-0002BQ-2x for control <at> debbugs.gnu.org; Thu, 06 Oct 2022 09:58:27 -0400 Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:fc93:27fb:8412:c8b7]) by mira.cbaines.net (Postfix) with ESMTPSA id 365E427BBE9 for <control <at> debbugs.gnu.org>; Thu, 6 Oct 2022 14:58:25 +0100 (BST) Received: from felis (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 70d59725 for <control <at> debbugs.gnu.org>; Thu, 6 Oct 2022 13:58:24 +0000 (UTC) Date: Thu, 06 Oct 2022 14:58:24 +0100 Message-Id: <874jwh3vgf.fsf@HIDDEN> To: control <at> debbugs.gnu.org From: Christopher Baines <mail@HIDDEN> Subject: control message for bug #57881 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) tags 57881 + moreinfo quit
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.