Christopher Baines <mail@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at 57881) by debbugs.gnu.org; 23 Sep 2022 02:30:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 22 22:30:55 2022 Received: from localhost ([127.0.0.1]:38881 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1obYSs-0001G3-UH for submit <at> debbugs.gnu.org; Thu, 22 Sep 2022 22:30:55 -0400 Received: from mail-yw1-f195.google.com ([209.85.128.195]:38586) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <luhux76@HIDDEN>) id 1obYSr-0001Fq-1G for 57881 <at> debbugs.gnu.org; Thu, 22 Sep 2022 22:30:53 -0400 Received: by mail-yw1-f195.google.com with SMTP id 00721157ae682-3321c2a8d4cso118571877b3.5 for <57881 <at> debbugs.gnu.org>; Thu, 22 Sep 2022 19:30:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:from:to:cc:subject:date; bh=lz4oTlrXWbyMnfhTEmYz+BYUKu+fNnHXZyKeZdtelAI=; b=F4KEQ7I/jAgNElDsSSo0e+O7XR053Dpvbk5TmQS6F+PRUnCKuedZ+wPHYC8LFCpWcv JjblNcg8P0mc+94l8HMRD2mhfVGq5R6eLVaN1cVnWxx9zccJR+UM4yUlNo944VBdyi7z Np4LyfneQI4r0mf0F6kQhyHEyRvWUuLQ8fam4hE31QyWEuPsJLT9aQTg7f4Jro6Id1Eb wWnWGL8RjGFwY8U/Bk2BMWSHQ343nLCuOfSYw/LiN1r2IAfrQpewGWjTe7CVnHyg3ukH d1zfWnORQLPxtUkX3SrAp3M5TF/hlh5ijGRrJDMTYoeqkZtgUq1i80ZDOpmKtLxe/foW 6G3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:x-gm-message-state:from:to:cc :subject:date; bh=lz4oTlrXWbyMnfhTEmYz+BYUKu+fNnHXZyKeZdtelAI=; b=Y5M+NkNCYcslknWtZe+nAkfXt594Gd7CM3v5xz9ROtQ6pCThXxRsx26zcVmua5d93Z 6XJCvUTSLpJ2UCQ470rETSGAfQu0+EMtGXuhzvHsRNxV7wlDodc1kF2v4sEp/hc0MXtl EylnTpl35buZqeQQUaxCPY+JqfukVzRGNJuEfRGqev6srTWRRugw2ACGQaEUoEOx2I37 CyujZJzxKvMP72BMsF9eKuv6PEFNbK+iiw9bBck8eACPwjZcPDJMnCiev/nNSH9+NBz2 8FqRpaYLVG3AHEriqmnXAW5SOdgomLaFwAPDTXBFW2LNr5UFEoxZMTb2yjbkrGUY1mK8 CQfw== X-Gm-Message-State: ACrzQf0l357yPkfcXepTR/9IBRNrxyWAFEg5AhgItH4v6oT8TvuFbnLC H9fr5mnjU9IO1hVI9lhly9bj/lnWpz2y2RdnvaI= X-Google-Smtp-Source: AMsMyM6OftcRiIzKfBoQa+Vl83hH8+kuWE8K8PF8BddZYQA+kFA1JWVHyhsoREAKXYx78BtDD3+uR2iyEbFoBD3THb0= X-Received: by 2002:a81:6ed7:0:b0:34a:78e:bc58 with SMTP id j206-20020a816ed7000000b0034a078ebc58mr6399521ywc.143.1663900247406; Thu, 22 Sep 2022 19:30:47 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a81:dd11:0:0:0:0:0 with HTTP; Thu, 22 Sep 2022 19:30:47 -0700 (PDT) In-Reply-To: <87illk8n4f.fsf@HIDDEN> References: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN> <87illk8n4f.fsf@HIDDEN> From: =?UTF-8?B?6Lev6L6J?= <luhux76@HIDDEN> Date: Fri, 23 Sep 2022 02:30:47 +0000 Message-ID: <CAGNyvegPadnAu0nCixrXwtygj7snTRyiqh=BBS--rTRtgB0DQw@HIDDEN> Subject: Re: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker. To: Josselin Poiret <dev@HIDDEN> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: 2.2 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: ok, I will take some time to fix it. 2022-09-18 20:05 GMT, Josselin Poiret : > Hi, > > 路辉 writes: > >> hikari-unlocker need setuid and pam to work. >> >> if hikari exec a non-setuid hikari-unlocker, such as >> "$HOME/.guix-profile [...] Content analysis details: (2.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: jpoiret.xyz (xyz)] 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (luhux76[at]gmail.com) 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (luhux76[at]gmail.com) 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.195 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.195 listed in list.dnswl.org] X-Debbugs-Envelope-To: 57881 Cc: 57881 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.2 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: ok, I will take some time to fix it. 2022-09-18 20:05 GMT, Josselin Poiret : > Hi, > > 路辉 writes: > >> hikari-unlocker need setuid and pam to work. >> >> if hikari exec a non-setuid hikari-unlocker, such as >> "$HOME/.guix-profile [...] Content analysis details: (1.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.195 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.195 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: jpoiret.xyz (xyz)] 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (luhux76[at]gmail.com) 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (luhux76[at]gmail.com) 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager ok, I will take some time to fix it. 2022-09-18 20:05 GMT, Josselin Poiret <dev@HIDDEN>: > Hi, > > =E8=B7=AF=E8=BE=89 <luhux76@HIDDEN> writes: > >> hikari-unlocker need setuid and pam to work. >> >> if hikari exec a non-setuid hikari-unlocker, such as >> "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's >> lock-mode can't exit, only can press power button to exit it. :( >> >> https://hikari.acmelabs.space/manpage.html >> >> https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71 >> From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001 >> From: Lu Hui <luhux76@HIDDEN> >> Date: Sat, 17 Sep 2022 20:10:34 +0800 >> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker. >> >> * gnu/packages/wm.scm (hikari) >> [phases]{force-use-setuid-unlocker}: replace "sh -c hikari-unlocker" to >> "/run/setuid-programs/hikari-unlocker" > > On Guix system, /run/setuid-programs/ should be in front of whatever > profiles you're using in your PATH, otherwise it will be shadowed by > them. With the default profile loading code in /etc/profile, this > should be what happens but there might be issues with any non-default > setup (ie. package not installed in the ~/.guix-profile/). > > To be honest, I'm not happy with hardcoding > /run/setuid-programs/hikari-unlocker, since it won't work on foreign > distros. > > Shouldn't we rather report this issue upstream? I'm under the > impression that the locker should detect that it isn't running suid and > not try to query PAM if it isn't able to, and instead fail and display > an error message or something similar. > > Best, > -- > Josselin Poiret >
guix-patches@HIDDEN
:bug#57881
; Package guix-patches
.
Full text available.Received: (at 57881) by debbugs.gnu.org; 18 Sep 2022 20:05:15 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 18 16:05:15 2022 Received: from localhost ([127.0.0.1]:51370 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oa0XT-0002ZY-1Q for submit <at> debbugs.gnu.org; Sun, 18 Sep 2022 16:05:15 -0400 Received: from jpoiret.xyz ([206.189.101.64]:35856) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <dev@HIDDEN>) id 1oa0XN-0002ZG-5r for 57881 <at> debbugs.gnu.org; Sun, 18 Sep 2022 16:05:12 -0400 Received: from authenticated-user (jpoiret.xyz [206.189.101.64]) by jpoiret.xyz (Postfix) with ESMTPA id 78A86184D5F; Sun, 18 Sep 2022 20:05:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim; t=1663531507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MoQaFEmjzb5Zbyhj0Mm6KLSBVHDstIiBouv7659gLjU=; b=ewOUMfT7RyY7kQSMnsOq4tIyyDySfCjPScqqIDrnV6zlWTDyrx6DzcMJzykN9A0gBbrCpb mCR9spXE5bzon4601SMIQ7bNr9EHn/8hP+PGh8ib0tGoU34vlOmhDpX3S4i0fR6UiBO9on pOE12nuln3q2JePuSXcyJGZCooG3XGydE6SHXqReMrSqcUCOkkgLLWxKc9Ft/TILjS/Q6B YTZu2sSyY8U8jXGssOL6agcy5wXYJGYF/T5RM5zwrjN4mlqmEmakekPtA9XW2MFBsU2V7b bEDpnaBT+smcazxk21C9Iv6HLfuD0T0gwcirOq6+IKftA+n4hEYstemmT45LIQ== From: Josselin Poiret <dev@HIDDEN> To: =?utf-8?B?6Lev6L6J?= <luhux76@HIDDEN>, 57881 <at> debbugs.gnu.org Subject: Re: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker. In-Reply-To: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN> References: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN> Date: Sun, 18 Sep 2022 22:05:04 +0200 Message-ID: <87illk8n4f.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Authentication-Results: jpoiret.xyz; auth=pass smtp.auth=jpoiret@HIDDEN smtp.mailfrom=dev@HIDDEN X-Spamd-Bar: / X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, 路辉 <luhux76@HIDDEN> writes: > hikari-unlocker need setuid and pam to work. > > if hikari exec a non-setuid hikari-unlocker, such as > "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's > lock-mode can't exit, only [...] Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: jpoiret.xyz (xyz)] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 FROM_SUSPICIOUS_NTLD From abused NTLD X-Debbugs-Envelope-To: 57881 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, 路辉 <luhux76@HIDDEN> writes: > hikari-unlocker need setuid and pam to work. > > if hikari exec a non-setuid hikari-unlocker, such as > "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's > lock-mode can't exit, only [...] Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: jpoiret.xyz (xyz)] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 BULK_RE_SUSP_NTLD Precedence bulk and RE: from a suspicious TLD 0.0 FROM_SUSPICIOUS_NTLD From abused NTLD -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager Hi, =E8=B7=AF=E8=BE=89 <luhux76@HIDDEN> writes: > hikari-unlocker need setuid and pam to work. > > if hikari exec a non-setuid hikari-unlocker, such as > "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's > lock-mode can't exit, only can press power button to exit it. :( > > https://hikari.acmelabs.space/manpage.html > > https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71 > From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001 > From: Lu Hui <luhux76@HIDDEN> > Date: Sat, 17 Sep 2022 20:10:34 +0800 > Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker. > > * gnu/packages/wm.scm (hikari) > [phases]{force-use-setuid-unlocker}: replace "sh -c hikari-unlocker" to > "/run/setuid-programs/hikari-unlocker" On Guix system, /run/setuid-programs/ should be in front of whatever profiles you're using in your PATH, otherwise it will be shadowed by them. With the default profile loading code in /etc/profile, this should be what happens but there might be issues with any non-default setup (ie. package not installed in the ~/.guix-profile/). To be honest, I'm not happy with hardcoding /run/setuid-programs/hikari-unlocker, since it won't work on foreign distros. Shouldn't we rather report this issue upstream? I'm under the impression that the locker should detect that it isn't running suid and not try to query PAM if it isn't able to, and instead fail and display an error message or something similar. Best, --=20 Josselin Poiret
guix-patches@HIDDEN
:bug#57881
; Package guix-patches
.
Full text available.Received: (at submit) by debbugs.gnu.org; 17 Sep 2022 12:23:56 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Sep 17 08:23:56 2022 Received: from localhost ([127.0.0.1]:45323 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oZWrU-0003cT-2j for submit <at> debbugs.gnu.org; Sat, 17 Sep 2022 08:23:56 -0400 Received: from lists.gnu.org ([209.51.188.17]:53780) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <luhux76@HIDDEN>) id 1oZWrP-0003cI-79 for submit <at> debbugs.gnu.org; Sat, 17 Sep 2022 08:23:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33306) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <luhux76@HIDDEN>) id 1oZWrO-0001DB-TO for guix-patches@HIDDEN; Sat, 17 Sep 2022 08:23:50 -0400 Received: from mail-yb1-xb42.google.com ([2607:f8b0:4864:20::b42]:38531) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <luhux76@HIDDEN>) id 1oZWrM-0007UO-OV for guix-patches@HIDDEN; Sat, 17 Sep 2022 08:23:50 -0400 Received: by mail-yb1-xb42.google.com with SMTP id c9so36234591ybf.5 for <guix-patches@HIDDEN>; Sat, 17 Sep 2022 05:23:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date; bh=SldnTfcmrpVfetWewvg3iqt5873A17Hjj/UA2MtTwLs=; b=K6ocV0k5iAmfUXzdHINrc/EhZL84lnqlSM/ULbw21uPrv6YMQ3t/f5Nx7S5sTpNZNI 1Ztsx/leAd3EjE0dhrmLN16N3mwWYrTZ4fFmuQamvSLV7FZH4uUk7mKUvvnOvf5eT6ea 9jw6o+HQug7hYu7G0WGSkCGLl9WVU8rPNgKEaOF0Y+4lepNwVN6MUgG9qJQkI+VS0tgw zbLY7t7ZQiQKJPCN1JYEt/dp1p5zbqRy7a583pxWnn2DRGCBAz8MmXNMTeWFbeZ7dkSQ LwccSEvKmP2tYzfeRTfRrRXwLO8iXKslMyHsiPnwxcALKGwDVlMhbDkH6IEVWvJBXc98 7JUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date; bh=SldnTfcmrpVfetWewvg3iqt5873A17Hjj/UA2MtTwLs=; b=AUOBgmE1zYCzpy7XNwm/gWnEDMA7PCF12y1E8Ihw0wvj/qR82o8eHXCi4HEQ4md5oO YG9Bx+w7UNCYoZ/YSyiaEKawbNgYWeh+3msTl3TCw3rDWh8rk/0NRP7XcKJ2CbwcCHQk j6Egr/Sq+Yci/a8RchGMiNSwoBoZymGQCdEKz+ymmcSqbo5z+++VpcfCWzvPB1NsA/iD raHdboWpzmvKy66tSuPdKmXh2It3lByVvUckdRzLames4torDXEDCR6pntYWpvD8TxFr NEF6fIgyQB7yyPIkTLen3Eq8OfLx6gN0x1GJTmyG4eg0cjBauC1RSq2dMYX2zDuBvE+e 04tg== X-Gm-Message-State: ACrzQf1iNo778R9F2pM0k3D/oFr3yQtu+QlPss5ejuek8FRQR8IDMi/U 4iMTAWjQamCWpnLyZLctoCz5Bl0mmartkXZmaTdU2Xu7EogQTgrO X-Google-Smtp-Source: AMsMyM7nnq/G+RbAh4LgwV5XBbFnjUbL+MScEH5beSoDLkz116nciU97Byv3S4g57jlXSUQVhGZ9gnDsHxgMsMUEXns= X-Received: by 2002:a25:5c3:0:b0:6a9:90fb:c9e6 with SMTP id 186-20020a2505c3000000b006a990fbc9e6mr8120284ybf.152.1663417427642; Sat, 17 Sep 2022 05:23:47 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a0d:d0c6:0:0:0:0:0 with HTTP; Sat, 17 Sep 2022 05:23:45 -0700 (PDT) From: =?UTF-8?B?6Lev6L6J?= <luhux76@HIDDEN> Date: Sat, 17 Sep 2022 12:23:45 +0000 Message-ID: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@HIDDEN> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker. To: guix-patches <guix-patches@HIDDEN> Content-Type: multipart/mixed; boundary="000000000000e3625005e8de8cf0" Received-SPF: pass client-ip=2607:f8b0:4864:20::b42; envelope-from=luhux76@HIDDEN; helo=mail-yb1-xb42.google.com X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.1 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.1 (--) --000000000000e3625005e8de8cf0 Content-Type: text/plain; charset="UTF-8" hikari-unlocker need setuid and pam to work. if hikari exec a non-setuid hikari-unlocker, such as "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's lock-mode can't exit, only can press power button to exit it. :( https://hikari.acmelabs.space/manpage.html https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71 --000000000000e3625005e8de8cf0 Content-Type: text/x-patch; charset="UTF-8"; name="0001-gnu-hikari-only-allow-use-setuid-hikari-unlocker.patch" Content-Disposition: attachment; filename="0001-gnu-hikari-only-allow-use-setuid-hikari-unlocker.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: file0 RnJvbSBkMWJlZGJjM2M4NTBjZjBhNjBiMTgyOTk5YzIyOTA3OWJhZDljZDk5IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBMdSBIdWkgPGx1aHV4NzZAZ21haWwuY29tPgpEYXRlOiBTYXQs IDE3IFNlcCAyMDIyIDIwOjEwOjM0ICswODAwClN1YmplY3Q6IFtQQVRDSF0gZ251OiBoaWthcmk6 IG9ubHkgYWxsb3cgdXNlIHNldHVpZCBoaWthcmktdW5sb2NrZXIuCgoqIGdudS9wYWNrYWdlcy93 bS5zY20gKGhpa2FyaSkKW3BoYXNlc117Zm9yY2UtdXNlLXNldHVpZC11bmxvY2tlcn06IHJlcGxh Y2UgInNoIC1jIGhpa2FyaS11bmxvY2tlciIgdG8KIi9ydW4vc2V0dWlkLXByb2dyYW1zL2hpa2Fy aS11bmxvY2tlciIKLS0tCiBnbnUvcGFja2FnZXMvd20uc2NtIHwgMTIgKysrKysrKysrKystCiAx IGZpbGUgY2hhbmdlZCwgMTEgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdp dCBhL2dudS9wYWNrYWdlcy93bS5zY20gYi9nbnUvcGFja2FnZXMvd20uc2NtCmluZGV4IGYzMjkw MjBlYjQuLmQwNTg2ZWZiNjMgMTAwNjQ0Ci0tLSBhL2dudS9wYWNrYWdlcy93bS5zY20KKysrIGIv Z251L3BhY2thZ2VzL3dtLnNjbQpAQCAtNTcsNiArNTcsNyBAQAogOzs7IENvcHlyaWdodCDCqSAy MDIyIG11cmFkbSA8bWFpbEBtdXJhZG0ubmV0PgogOzs7IENvcHlyaWdodCDCqSAyMDIyIEVsYWlz IFBsYXllciA8ZWxhaXNAZmFzdG1haWwuY29tPgogOzs7IENvcHlyaWdodCDCqSAyMDIyIFRyZXZv ciBSaWNoYXJkcyA8dHJldkB0cmV2ZGV2LmNhPgorOzs7IENvcHlyaWdodCDCqSAyMDIyIEx1SHVp IDxsdWh1eDc2QGdtYWlsLmNvbT4KIDs7OwogOzs7IFRoaXMgZmlsZSBpcyBwYXJ0IG9mIEdOVSBH dWl4LgogOzs7CkBAIC0yNjMyLDYgKzI2MzMsMTEgQEAgKGRlZmluZS1wdWJsaWMgaGlrYXJpCiAg ICAgICAgICJXSVRIX1ZJUlRVQUxfSU5QVVQ9WUVTIikKICAgICAgICAjOnBoYXNlcwogICAgICAg IChtb2RpZnktcGhhc2VzICVzdGFuZGFyZC1waGFzZXMKKyAgICAgICAgIChhZGQtYWZ0ZXIgJ3Vu cGFjayAnZm9yY2UtdXNlLXNldHVpZC11bmxvY2tlcgorICAgICAgICAgICAobGFtYmRhIF8KKyAg ICAgICAgICAgICAoc3Vic3RpdHV0ZSogInNyYy9sb2NrX21vZGUuYyIKKyAgICAgICAgICAgICAg ICgoIlwiL2Jpbi9zaFwiLCBcIi9iaW4vc2hcIiwgXCItY1wiLCBcImhpa2FyaS11bmxvY2tlclwi IikKKyAgICAgICAgICAgICAgICAiXCIvcnVuL3NldHVpZC1wcm9ncmFtcy9oaWthcmktdW5sb2Nr ZXJcIiIpKSkpCiAgICAgICAgICAoZGVsZXRlICdjb25maWd1cmUpCiAgICAgICAgICAocmVwbGFj ZSAnYnVpbGQKICAgICAgICAgICAgKGxhbWJkYSogKCM6a2V5IGlucHV0cyBvdXRwdXRzIG1ha2Ut ZmxhZ3MgIzphbGxvdy1vdGhlci1rZXlzKQpAQCAtMjY0Myw3ICsyNjQ5LDExIEBAIChkZWZpbmUt cHVibGljIGhpa2FyaQogICAgIChzeW5vcHNpcyAiU3RhY2tpbmcgV2F5bGFuZCBjb21wb3NpdG9y IHdpdGggdGlsaW5nIGNhcGFiaWxpdGllcyIpCiAgICAgKGRlc2NyaXB0aW9uCiAgICAgICJIaWth cmkgaXMgYSBzdGFja2luZyBXYXlsYW5kIGNvbXBvc2l0b3Igd2l0aCBhZGRpdGlvbmFsIHRpbGlu ZwotY2FwYWJpbGl0aWVzLiAgSXQgaXMgaGVhdmlseSBpbnNwaXJlZCBieSB0aGUgQ2FsbSBXaW5k b3cgbWFuYWdlcihjd20pLiIpCitjYXBhYmlsaXRpZXMuICBJdCBpcyBoZWF2aWx5IGluc3BpcmVk IGJ5IHRoZSBDYWxtIFdpbmRvdyBtYW5hZ2VyKGN3bSkuCisKK1lvdSBuZWVkIGFkZCBmb2xsb3dp bmcgbGluZSB0byB5b3VyIHN5c3RlbSBjb25maWd1cmF0aW9uIHRvIG1ha2UgdW5sb2NrZXIgd29y a2luZzoKKworICAgIChzY3JlZW4tbG9ja2VyLXNlcnZpY2UtdHlwZSBoaWthcmkgXCJoaWthcmkt dW5sb2NrZXJcIikiKQogICAgIChsaWNlbnNlIGxpY2Vuc2U6YnNkLTIpKSkKIAogKGRlZmluZS1w dWJsaWMgZGV2b3VyCi0tIAoyLjM3LjMKCg== --000000000000e3625005e8de8cf0--
路辉 <luhux76@HIDDEN>
:guix-patches@HIDDEN
.
Full text available.guix-patches@HIDDEN
:bug#57881
; Package guix-patches
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.