Bruno Victal <mirai@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 24 Mar 2023 04:33:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 24 00:33:47 2023 Received: from localhost ([127.0.0.1]:39637 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pfZ7a-0008Ua-JG for submit <at> debbugs.gnu.org; Fri, 24 Mar 2023 00:33:47 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:42570) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <vagrant@HIDDEN>) id 1pfZ6D-0008SF-U2 for 61462 <at> debbugs.gnu.org; Fri, 24 Mar 2023 00:33:45 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20]) (Authenticated sender: vagrant@HIDDEN) by cascadia.aikidev.net (Postfix) with ESMTPSA id B88171AC6F; Thu, 23 Mar 2023 21:32:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1679632321; bh=tXtwnCpMDo84rynIJj+21B8ArOyjndaJhNJr7BDtYfw=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=DDrQC4tErizMNbrGJkK3wj7wNdJ7PV38D8wWf+6qe9U5EpZGTWaZpGvZX2T8wVmjW LNBmgEHi1rHori1ddvox3QvaMaSflO3eWcIhSKpJWfha5OLPsc+qcAzdCGyktjpf3N BoEsD/XAJerssqjgEZzoqLE/eLB3OmNAe8OKYrbX9oCaL0W1AqJzaPEwYk9ZHwq5H8 hBcqFxA1EGZpoJabe63HGRxkObm0RY89gz9Ke9t0AwQ3kGYagIP242AUwkZ5oW5TPk 2KNStcAm14CQXIMa+lP2XM+y33XuwpNswUO6diVKO1Ylw/z9iBKrz2i03VxVom0rJ1 4AUxJsOYGclhA== From: Vagrant Cascadian <vagrant@HIDDEN> To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN> Subject: Re: [bug#61462] Add support for file capabilities(7) In-Reply-To: <877cvwsbfk.fsf@HIDDEN> References: <87r0uuehlr.fsf@nckx> <877cvwsbfk.fsf@HIDDEN> Date: Thu, 23 Mar 2023 21:31:53 -0700 Message-ID: <87cz4y6a86.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 61462 Cc: 61462 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2023-03-04, Ludovic Court=C3=A8s wrote: > Tobias Geerinckx-Rice <me@HIDDEN> skribis: > >> I need to offload some of my eternally rebased local patches. Here's >> one that makes it easy to assign capabilities(7) =E2=80=94 currently thr= ough >> setcap(8) =E2=80=94 to programmes like we can set{u,g}id. >> >> There are many packages that benefit from this. Mine are: >> >> (privileged-programs >> (cons* (privileged-program >> (file-append mtr "/sbin/mtr") >> (capabilities "cap_net_raw+ep")) >> (privileged-program >> (file-append nethogs "/sbin/nethogs") >> (capabilities "cap_net_admin,cap_new_raw+ep")) >> (privileged-program >> (file-append light "/bin/light") >> (setuid? #t)) >> %default-privileged-programs)) > > Neat! Agreed! Thanks! >> I'm quite opinionated about the setuid-programs unification: there >> should not be multiple confusing and masking layers of privilege, and >> it should be possible to setgid a capable executable. > > So you mean that =E2=80=98privileged-programs=E2=80=99 should entirely re= place > =E2=80=98setuid-programs=E2=80=99, right? > > I=E2=80=99m a bit unsure about using file capabilities: > > 1. File capabilities are persistent and less visible than setuid bits > (you won=E2=80=99t see them with =E2=80=9Cls -l=E2=80=9D), so easily= overlooked. Could > there be a risk of lingering file capabilities when reconfiguring a > system? Does reconfigure leave old setuid binaries laying around in /run/setuid-programs currently? That sounds like leaking state from previous generations into the current generation, and should be fixed if it is indeed the case. Seems like with setuid/setgid and the proposed priviledged binaries, the setuid/setgid bits and capabilties should be explicitly set on any defined binaries, and any that are left over in the /run/*-programs directories should be... forcibly removed! Otherwise your current system is vulnerable to previous potentially bad choices indefinitely... Basically, guix system reconfigure should be fastidious and ideally deterministic with generating and updating /run/*-programs ... > 2. How =E2=80=99bout portability to different file systems and to GNU/H= urd? Currently I *think* /run/setuid-programs is tmpfs (at least on systems I have used running a linux-libre kernel) ... I do not think this attempts to change that...; we probably do not need broad filesystem compatibility, just whatever filesystem /run/*-programs is implemented on. And since they are not compatibly with GNU/Hurd, then let us drop support for x86_64-linux, riscv64-linux, ppc64el-linux, arm64-linux, etc. ... to make sure things are compatible! :P In all seriousness though, while I appreciate thinking about broad compatibility across different types of systems, I am a bit nervous about an approach that would require features to behave compatibly across all systems... ...though I suspect you were more getting at "What are the consequences of implementing this for some other system types?" > 3. What=E2=80=99s the complexity/benefit ratio? :-) > > Then there=E2=80=99s the compatibility story with moving from > /run/setuid-programs to /run/privileged-programs etc. that=E2=80=99ll hav= e to be > handled with care. I am less opinionated about adding yet another directory to PATH, although obivously then you get into the weird issues with old $PATH values laying around (e.g. not getting the new directory added until logging out or re-loading the running profile) > I=E2=80=99m very much sold to the principle of least authority, but I fee= l like > POSIX capabilities (not to be confused with =E2=80=9Cactual=E2=80=9D capa= bilities) are a > bit of a hack. And setuid/setgid is not a hack? It seems like essentially the same thing, just with no granularity... > Thoughts? There are some things that are just not possible without capabilities, and setuid/setgid is a dangerous hammer that should be used very sparingly, if at all, and capabilities are no *worse* that setuid/setgid, allowing a finer grained set of problems :) The need for this functionality has come up more than a few times: https://issues.guix.gnu.org/27415 https://issues.guix.gnu.org/39136 https://issues.guix.gnu.org/55683 And possibly a few others: https://issues.guix.gnu.org/search?query=3Dsetcap live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZB0nugAKCRDcUY/If5cW qs9AAQDmHv2X5PEZVmW6X0wGSbqTGP/1lT22DrJGHUnhKJyIMgEA2e2/zzQjDxwd NUfndSt+0z/GfKibdAv/8tiXvaLuZwU= =jTL3 -----END PGP SIGNATURE----- --=-=-=--
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 4 Mar 2023 16:56:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 04 11:56:11 2023 Received: from localhost ([127.0.0.1]:37573 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pYVB5-000645-5D for submit <at> debbugs.gnu.org; Sat, 04 Mar 2023 11:56:11 -0500 Received: from eggs.gnu.org ([209.51.188.92]:44042) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1pYVB3-00063s-Ed for 61462 <at> debbugs.gnu.org; Sat, 04 Mar 2023 11:56:09 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1pYVAy-0005bn-43; Sat, 04 Mar 2023 11:56:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=PAAw89UqmdjdF/wuphcngUyNER0pl569rIdvDpyGh00=; b=BvpfTBDwR421TFuXb8bb d4iES2zhoNAuI1g8ERF10DsXZaP5MGrvESgJRB/oZ6Qcyk8YcwlNCpAmHtHyWT3U5ezIlFICsaP2l pS0ETfYYFaagAckQbH87RO407RMpSb891hunAfTFrfyeUT5AKqi7q7+YfBofZDoFljz0k9F2ZgNUm d3uIvFkwq+/GvwhtWWZtreNN11e1qxyUkFc6CKvssWk9aQ3xUhb+zOoW0zfISH6yTDkJt3PPWzlrI CTyh8QpDWzv8CwEME4OdIS1MQyfhP2UHIfkMiSI2uZklIFQeM2YIsF1ZmFra0eKy2Q4+fNS3S+pUA 4H+/QzgY53wiGg==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1pYVAw-0004iO-VL; Sat, 04 Mar 2023 11:56:03 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Tobias Geerinckx-Rice <me@HIDDEN> Subject: Re: bug#61462: Add support for file capabilities(7) References: <87r0uuehlr.fsf@nckx> Date: Sat, 04 Mar 2023 17:55:59 +0100 In-Reply-To: <87r0uuehlr.fsf@nckx> (Tobias Geerinckx-Rice's message of "Sun, 12 Feb 2023 21:37:54 +0100") Message-ID: <877cvwsbfk.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 61462 Cc: 61462 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi! Tobias Geerinckx-Rice <me@HIDDEN> skribis: > I need to offload some of my eternally rebased local patches. Here's > one that makes it easy to assign capabilities(7) =E2=80=94 currently thro= ugh > setcap(8) =E2=80=94 to programmes like we can set{u,g}id. > > There are many packages that benefit from this. Mine are: > > (privileged-programs > (cons* (privileged-program > (file-append mtr "/sbin/mtr") > (capabilities "cap_net_raw+ep")) > (privileged-program > (file-append nethogs "/sbin/nethogs") > (capabilities "cap_net_admin,cap_new_raw+ep")) > (privileged-program > (file-append light "/bin/light") > (setuid? #t)) > %default-privileged-programs)) Neat! > The set's over a year old and needs a bit of love. Some details might > have bitrot, I probably forgot a to-do or two in that year, and > there's something unguixy about calling setcap(8) instead of writing a > completely new Guile binding/module :-) > > I'm quite opinionated about the setuid-programs unification: there > should not be multiple confusing and masking layers of privilege, and > it should be possible to setgid a capable executable. So you mean that =E2=80=98privileged-programs=E2=80=99 should entirely repl= ace =E2=80=98setuid-programs=E2=80=99, right? I=E2=80=99m a bit unsure about using file capabilities: 1. File capabilities are persistent and less visible than setuid bits (you won=E2=80=99t see them with =E2=80=9Cls -l=E2=80=9D), so easily o= verlooked. Could there be a risk of lingering file capabilities when reconfiguring a system? 2. How =E2=80=99bout portability to different file systems and to GNU/Hur= d? 3. What=E2=80=99s the complexity/benefit ratio? :-) Then there=E2=80=99s the compatibility story with moving from /run/setuid-programs to /run/privileged-programs etc. that=E2=80=99ll have = to be handled with care. I=E2=80=99m very much sold to the principle of least authority, but I feel = like POSIX capabilities (not to be confused with =E2=80=9Cactual=E2=80=9D capabi= lities) are a bit of a hack. Thoughts? Ludo=E2=80=99.
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 21:04:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 16:04:09 2023 Received: from localhost ([127.0.0.1]:47053 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJW5-0005A6-9y for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:09 -0500 Received: from tobias.gr ([80.241.217.52]:37414) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJW2-00059x-Kh for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=ects59M+Qyqeq th68sc8KHdBOoT05vvqROOUjfUtjtg=; h=in-reply-to:date:subject:cc:from: references; d=tobias.gr; b=Euzr3nuW/boyNOE2P4Jt8c5enYbOfTq90Erm5kt2R2z iVTZ7RPXr74QGiLKNlHw67E9WmE0oKYNCf+l+tVhZ8SeTla8AK6/WyF30P8ulVSaa/xRpp 8j0ZSs6E71gM1w/cw9D+4eitZW8ShYp/gVsXsXIAF6A2WIYErc3zYh/ANEF4QgX68Z+upv iNZhe6byLAZB5pFuYTGVQhlqZmk+Qhzv0W1mKTUv/Khp/D/vlH79ZcI5+vyph/pogUqRFO BHZ2sobDmNuiMbklkSpjmAkbeDJKH3g/MKBFMFS8rpKxPEkBd17Irwnk8qDObQrO9kbUAj CjYIxfOFqupw/SU1Ctg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 5648d6f2 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 12 Feb 2023 21:04:02 +0000 (UTC) References: <87r0uuehlr.fsf@nckx> From: Tobias Geerinckx-Rice <me@HIDDEN> Subject: Re: [bug#61462] Add support for file capabilities(7) Date: Sun, 12 Feb 2023 22:05:34 +0100 In-reply-to: <87r0uuehlr.fsf@nckx> BIMI-Selector: v=BIMI1; s=default; Message-ID: <87ilg6egq6.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 1.2 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Tobias Geerinckx-Rice via Guix-patches via 写道: > The set's over a year old and needs a bit of love. I noticed some merge conflicts after sending this cover letter, and, as I'm too tired for love right now, will fix them and send the rest tomorrow. Content analysis details: (1.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 MISSING_HEADERS Missing To: header -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 Cc: guix-patches@HIDDEN, 61462 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 0.2 (/) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Tobias Geerinckx-Rice via Guix-patches via =E5=86=99=E9=81=93=EF=BC=9A > The set's over a year old and needs a bit of love. I noticed some merge conflicts after sending this cover letter,=20 and, as I'm too tired for love right now, will fix them and send=20 the rest tomorrow. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY+lU0Q0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15FF8A/A/hnwF5IYhs13H9ooT7WaKcP7tUWTZCgddptq19 l0mJAQClDDaRMVdKZ2d4d0JdUG4IATHaok/BQCWdoLsS/7/AAA== =/4BU -----END PGP SIGNATURE----- --=-=-=--
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at submit) by debbugs.gnu.org; 12 Feb 2023 21:04:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 16:04:11 2023 Received: from localhost ([127.0.0.1]:47057 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJW7-0005AO-Gd for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:11 -0500 Received: from lists.gnu.org ([209.51.188.17]:42676) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJW5-0005AD-Iz for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJW5-0003Cv-7u for guix-patches@HIDDEN; Sun, 12 Feb 2023 16:04:09 -0500 Received: from tobias.gr ([2a02:c205:2020:6054::1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJW3-0004xW-IW for guix-patches@HIDDEN; Sun, 12 Feb 2023 16:04:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=ects59M+Qyqeq th68sc8KHdBOoT05vvqROOUjfUtjtg=; h=in-reply-to:date:subject:cc:from: references; d=tobias.gr; b=Euzr3nuW/boyNOE2P4Jt8c5enYbOfTq90Erm5kt2R2z iVTZ7RPXr74QGiLKNlHw67E9WmE0oKYNCf+l+tVhZ8SeTla8AK6/WyF30P8ulVSaa/xRpp 8j0ZSs6E71gM1w/cw9D+4eitZW8ShYp/gVsXsXIAF6A2WIYErc3zYh/ANEF4QgX68Z+upv iNZhe6byLAZB5pFuYTGVQhlqZmk+Qhzv0W1mKTUv/Khp/D/vlH79ZcI5+vyph/pogUqRFO BHZ2sobDmNuiMbklkSpjmAkbeDJKH3g/MKBFMFS8rpKxPEkBd17Irwnk8qDObQrO9kbUAj CjYIxfOFqupw/SU1Ctg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 5648d6f2 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 12 Feb 2023 21:04:02 +0000 (UTC) References: <87r0uuehlr.fsf@nckx> From: Tobias Geerinckx-Rice <me@HIDDEN> Subject: Re: [bug#61462] Add support for file capabilities(7) Date: Sun, 12 Feb 2023 22:05:34 +0100 In-reply-to: <87r0uuehlr.fsf@nckx> BIMI-Selector: v=BIMI1; s=default; Message-ID: <87ilg6egq6.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@HIDDEN; helo=tobias.gr X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MISSING_HEADERS=1.021, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -0.4 (/) X-Debbugs-Envelope-To: submit Cc: guix-patches@HIDDEN, 61462 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.4 (-) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Tobias Geerinckx-Rice via Guix-patches via =E5=86=99=E9=81=93=EF=BC=9A > The set's over a year old and needs a bit of love. I noticed some merge conflicts after sending this cover letter,=20 and, as I'm too tired for love right now, will fix them and send=20 the rest tomorrow. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY+lU0Q0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15FF8A/A/hnwF5IYhs13H9ooT7WaKcP7tUWTZCgddptq19 l0mJAQClDDaRMVdKZ2d4d0JdUG4IATHaok/BQCWdoLsS/7/AAA== =/4BU -----END PGP SIGNATURE----- --=-=-=--
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:49:00 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:49:00 2023 Received: from localhost ([127.0.0.1]:46999 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHP-0004h8-Oy for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:49:00 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJHE-0004er-51 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:49 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=wV433SZDeFgI9 l18IAAEDfYna/0K/bt/arEBFHI/NDU=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=G2IZ/j+z/viCWoWywsjqMP6UwPeBqfuQK6xgfm KWA5ufh0yhp2muuIBxsJuysPEJb4Mialy+C3E8xywSyobpZ2E/dzkxi3DqjQUsT4Z7woh6 rk/6/5IZHeutlPWs1HXnwxepgKtEGa8ltQJRTIkVjD6vdOmSR5OfgyhFf2wZjiEMonkwKW K7n5nBNf6ElXjgn3/fAggmm+7ZJPGXci/jGLVxgATvzkMMg0f4gPflF3Mn1weD2SKstpYc kGTpWS+gEOsET2hGNGl/9VpePkAwAkGcmyqxbYA7OcAhWxeHPKUJGF08vb1zYaybjwjtJ2 C2bI53EidIKC3vST6L95p5YQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 112266e7 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:39 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 10/10] system: Add privileged-programs to <operating-system>. Date: Sun, 5 Feb 2023 01:00:19 +0100 Message-Id: <20230205000019.6259-10-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system.scm (<operating-system>): Add new privileged-programs field, that defaults to… (%default-privileged-programs): …this new variable, renamed from… (%setuid-programs): …this, which i [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system.scm (<operating-system>): Add new privileged-programs field, that defaults to… (%default-privileged-programs): …this new variable, renamed from… (%setuid-programs): …this, which i [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/system.scm (<operating-system>): Add new privileged-programs field, that defaults to… (%default-privileged-programs): …this new variable, renamed from… (%setuid-programs): …this, which is now defined as the empty list. * doc/guix.texi (Setuid Programs): Rename this… (Privileged Programs): …to this. Adjust all refs. Update all mentions of ‘setuid’ (whether in prose, variable names, or code samples) to use the new ‘privilege[d]’ terminology instead. (operating-system Reference, X Window, Desktop Services, Invoking guix system, Service Reference): Adjust likewise. --- doc/guix.texi | 89 ++++++++++++++++++++++------------------- gnu/packages/crypto.scm | 2 +- gnu/services.scm | 1 - gnu/system.scm | 21 ++++++++-- 4 files changed, 65 insertions(+), 48 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 009bcf5d40..7e54abcffb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -358,7 +358,7 @@ System Configuration * Keyboard Layout:: How the system interprets key strokes. * Locales:: Language and cultural convention settings. * Services:: Specifying system services. -* Setuid Programs:: Programs running with elevated privileges. +* Privileged Programs:: Programs running with elevated privileges. * X.509 Certificates:: Authenticating HTTPS servers. * Name Service Switch:: Configuring libc's name service switch. * Initial RAM Disk:: Linux-Libre bootstrapping. @@ -16146,7 +16146,7 @@ instance to support new system services. * Keyboard Layout:: How the system interprets key strokes. * Locales:: Language and cultural convention settings. * Services:: Specifying system services. -* Setuid Programs:: Programs running with elevated privileges. +* Privileged Programs:: Programs running with elevated privileges. * X.509 Certificates:: Authenticating HTTPS servers. * Name Service Switch:: Configuring libc's name service switch. * Initial RAM Disk:: Linux-Libre bootstrapping. @@ -16591,9 +16591,9 @@ As a user you should @emph{never} need to touch this field. Linux @dfn{pluggable authentication module} (PAM) services. @c FIXME: Add xref to PAM services section. -@item @code{setuid-programs} (default: @code{%setuid-programs}) -List of @code{<setuid-program>}. @xref{Setuid Programs}, for more -information. +@item @code{privileged-programs} (default: @code{%default-privileged-programs}) +List of @code{<privileged-program>}. @xref{Privileged Programs}, for +more information. @item @code{sudoers-file} (default: @code{%sudoers-specification}) @cindex sudoers file @@ -22047,8 +22047,8 @@ Usually the X server is started by a login manager. @deffn {Scheme Procedure} screen-locker-service @var{package} [@var{program}] Add @var{package}, a package for a screen locker or screen saver whose -command is @var{program}, to the set of setuid programs and add a PAM entry -for it. For example: +command is @var{program}, to the set of privileged programs and add a PAM +entry for it. For example: @lisp (screen-locker-service xlockmore "xlock") @@ -22965,9 +22965,9 @@ to operate with elevated privileges on a limited number of special-purpose system interfaces. Additionally, adding a service of type @code{mate-desktop-service-type} adds the MATE metapackage to the system profile. ``Adding Enlightenment'' means that @code{dbus} is extended -appropriately, and several of Enlightenment's binaries are set as setuid, -allowing Enlightenment's screen locker and other functionality to work as -expected. +appropriately, and several of Enlightenment's binaries are set as privileged +programs, allowing Enlightenment's screen locker and other functionality to +work as expected. The desktop environments in Guix use the Xorg display server by default. If you'd like to use the newer display server protocol @@ -25905,7 +25905,7 @@ remote servers. Run @command{man smtpd.conf} for more information. Make the following commands setgid to @code{smtpq} so they can be executed: @command{smtpctl}, @command{sendmail}, @command{send-mail}, @command{makemap}, @command{mailq}, and @command{newaliases}. -@xref{Setuid Programs}, for more information on setgid programs. +@xref{Privileged Programs}, for more information on setgid programs. @end table @end deftp @@ -37704,8 +37704,8 @@ create and run application bundles (aka. ``containers''). The value for this service is the Singularity package to use. The service does not install a daemon; instead, it installs helper programs as -setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke -@command{singularity run} and similar commands. +setuid-root (@pxref{Privileged Programs}) such that unprivileged users can +invoke @command{singularity run} and similar commands. @end defvar @cindex Audit @@ -38136,11 +38136,14 @@ Mode for filter. @c End of auto-generated fail2ban documentation. -@node Setuid Programs -@section Setuid Programs +@node Privileged Programs +@section Privileged Programs +@cindex privileged programs @cindex setuid programs @cindex setgid programs +@cindex capabilities, POSIX +@cindex setcap Some programs need to run with elevated privileges, even when they are launched by unprivileged users. A notorious example is the @command{passwd} program, which users can run to change their @@ -38151,46 +38154,48 @@ obvious security reasons. To address that, @command{passwd} should be (@pxref{How Change Persona,,, libc, The GNU C Library Reference Manual}, for more info about the setuid mechanism). -The store itself @emph{cannot} contain setuid programs: that would be a -security issue since any user on the system can write derivations that +The store itself @emph{cannot} contain privileged programs: that would be +a security issue since any user on the system can write derivations that populate the store (@pxref{The Store}). Thus, a different mechanism is -used: instead of changing the setuid or setgid bits directly on files that -are in the store, we let the system administrator @emph{declare} which +used: instead of directly granting permissions to files that are in +the store, we let the system administrator @emph{declare} which programs should be entrusted with these additional privileges. -The @code{setuid-programs} field of an @code{operating-system} -declaration contains a list of @code{<setuid-program>} denoting the +The @code{privileged-programs} field of an @code{operating-system} +declaration contains a list of @code{<privileged-program>} denoting the names of programs to have a setuid or setgid bit set (@pxref{Using the Configuration System}). For instance, the @command{mount.nfs} program, which is part of the nfs-utils package, with a setuid root can be designated like this: @lisp -(setuid-program - (program (file-append nfs-utils "/sbin/mount.nfs"))) +(privileged-program + (program (file-append nfs-utils "/sbin/mount.nfs")) + (setuid? #t)) @end lisp And then, to make @command{mount.nfs} setuid on your system, add the previous example to your operating system declaration by appending it to -@code{%setuid-programs} like this: +@code{%default-privileged-programs} like this: @lisp (operating-system ;; Some fields omitted... - (setuid-programs - (append (list (setuid-program - (program (file-append nfs-utils "/sbin/mount.nfs")))) - %setuid-programs))) + (privileged-programs + (append (list (privileged-program + (program (file-append nfs-utils "/sbin/mount.nfs")) + (setuid? #t)) + %default-privileged-programs))) @end lisp -@deftp {Data Type} setuid-program -This data type represents a program with a setuid or setgid bit set. +@deftp {Data Type} privileged-program +This data type represents a program with special privileges, such as setuid @table @asis @item @code{program} -A file-like object having its setuid and/or setgid bit set. +A file-like object to which all given privileges should apply. -@item @code{setuid?} (default: @code{#t}) +@item @code{setuid?} (default: @code{#f}) Whether to set user setuid bit. @item @code{setgid?} (default: @code{#f}) @@ -38207,18 +38212,18 @@ defaults to root. @end table @end deftp -A default set of setuid programs is defined by the -@code{%setuid-programs} variable of the @code{(gnu system)} module. +A default set of privileged programs is defined by the +@code{%default-privileged-programs} variable of the @code{(gnu system)} module. -@defvar %setuid-programs -A list of @code{<setuid-program>} denoting common programs that are -setuid-root. +@defvar {Scheme Variable} %default-privileged-programs +A list of @code{<privileged-program>} denoting common programs with +elevated privileges. The list includes commands such as @command{passwd}, @command{ping}, @command{su}, and @command{sudo}. @end defvar -Under the hood, the actual setuid programs are created in the +Under the hood, the actual privileged programs are created in the @file{/run/privileged/bin} directory at system activation time. The files in this directory refer to the ``real'' binaries, which are in the store. @@ -39089,7 +39094,7 @@ once @command{reconfigure} has completed. @end quotation This effects all the configuration specified in @var{file}: user -accounts, system services, global package list, setuid programs, etc. +accounts, system services, global package list, privileged programs, etc. The command starts system services specified in @var{file} that are not currently running; if a service is currently running this command will arrange for it to be upgraded the next time it is stopped (e.g.@: by @@ -40535,10 +40540,10 @@ tiresome to create multiple records with it so in practice the procedure @end quotation @end defvar -@defvar setuid-program-service-type -Type for the ``setuid-program service''. This service collects lists of +@defvar privileged-program-service-type +Type for the ``privileged-program service''. This service collects lists of executable file names, passed as gexps, and adds them to the set of -setuid and setgid programs on the system (@pxref{Setuid Programs}). +privileged programs on the system (@pxref{Privileged Programs}). @end defvar @defvar profile-service-type diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 57a42a6a84..87c26f10ad 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -499,7 +499,7 @@ (define-public tomb `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) ;; The "sudo" input is needed only to satisfy dependency checks in the ;; 'check' phase. The "sudo" used at runtime should come from the - ;; system's setuid-programs, so ensure no reference is kept. + ;; system's privileged-programs, so ensure no reference is kept. #:disallowed-references (,sudo) ;; TODO: Build and install gtk and qt trays #:phases diff --git a/gnu/services.scm b/gnu/services.scm index 09ff58dcd1..9825f4a4a5 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -44,7 +44,6 @@ (define-module (gnu services) #:use-module (gnu packages bash) #:use-module (gnu packages hurd) #:use-module (gnu system privilege) - #:use-module (gnu system setuid) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-9 gnu) diff --git a/gnu/system.scm b/gnu/system.scm index 3b66847b4f..1a22dc65f5 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -75,6 +75,7 @@ (define-module (gnu system) #:use-module (gnu system locale) #:use-module (gnu system pam) #:use-module (gnu system linux-initrd) + #:use-module (gnu system privilege) #:use-module (gnu system setuid) #:use-module (gnu system uuid) #:use-module (gnu system file-systems) @@ -128,6 +129,7 @@ (define-module (gnu system) operating-system-keyboard-layout operating-system-name-service-switch operating-system-pam-services + operating-system-privileged-programs operating-system-setuid-programs operating-system-skeletons operating-system-sudoers-file @@ -173,6 +175,7 @@ (define-module (gnu system) local-host-aliases ;deprecated local-host-entries %root-account + %default-privileged-programs %setuid-programs %sudoers-specification %base-packages @@ -296,7 +299,10 @@ (define-record-type* <operating-system> operating-system (pam-services operating-system-pam-services ; list of PAM services (default (base-pam-services))) + (privileged-programs operating-system-privileged-programs ; list of <privileged-program> + (default %default-privileged-programs)) (setuid-programs operating-system-setuid-programs + ;; For backwards compatibility; will be removed. (default %setuid-programs)) ; list of <setuid-program> (sudoers-file operating-system-sudoers-file ; file-like @@ -785,7 +791,8 @@ (define known-fs (host-name-service host-name) procs root-fs (service privileged-program-service-type - (operating-system-setuid-programs os)) + (append (operating-system-privileged-programs os) + (operating-system-setuid-programs os))) (service profile-service-type (operating-system-packages os)) boot-fs non-boot-fs @@ -826,7 +833,8 @@ (define (hurd-default-essential-services os) (service hosts-service-type (local-host-entries host-name))) (service privileged-program-service-type - (operating-system-setuid-programs os)) + (append (operating-system-privileged-programs os) + (operating-system-setuid-programs os))) (service profile-service-type (operating-system-packages os))))) (define* (operating-system-services os) @@ -1213,8 +1221,7 @@ (define (operating-system-environment-variables os) ;; TODO: Remove when glibc@HIDDEN is long gone. ("GUIX_LOCPATH" . "/run/current-system/locale"))) -(define %setuid-programs - ;; Default set of setuid-root programs. +(define %default-privileged-programs (let ((shadow (@ (gnu packages admin) shadow))) (map file-like->setuid-program (list (file-append shadow "/bin/passwd") @@ -1236,6 +1243,12 @@ (define %setuid-programs (file-append util-linux "/bin/mount") (file-append util-linux "/bin/umount"))))) +(define %setuid-programs + ;; Do not add to this list or use it in new code! It's defined only to ease + ;; transition to %default-privileged-programs and will be removed. Some rare + ;; use cases already break, such as the obvious (remove … %setuid-programs). + '()) + (define %sudoers-specification ;; Default /etc/sudoers contents: 'root' and all members of the 'wheel' ;; group can do anything. See -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:59 2023 Received: from localhost ([127.0.0.1]:46997 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHP-0004h5-E0 for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:59 -0500 Received: from tobias.gr ([80.241.217.52]:56712) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJHD-0004fL-7W for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=ij+3/JnSHHOBw dGs7xen+JspaCjAGqkeM0WL74Dq5Xg=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=Ps85EIroMVBLwmlJwBiuOwj/qaLm7CNeuPb0t9 ESqV++4D4Xbq4AnWSscudRJmO6WvE2vowE2e7RiReupi4oPPBw2FuZlsx8OvfSgq0X+wOH bSKkJ0hZGJFPv8MVBntchobmq83Hh4dSNgV2boOvlH/y+oCPJL6lnyKywwo+rZsZMvl3la ei09TOfARoxRVwdYy2L5GRsCd/xO+btgoYPoCpdmkAorRKx1c6Ve1xI25rmmcSraSsBbhq 2lPCmppDrzxvF7s2Ur9c9egbqSuc9atSEsQVzXt9Au2/dyUs9usQ4U23g8ckC+K+bgNymH EnJJBviOpNoeu5bKNWXdTWAg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 0bd179a6 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:39 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 09/10] system: Use privileged-program-service-type by default. Date: Sun, 5 Feb 2023 01:00:18 +0100 Message-Id: <20230205000019.6259-9-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system.scm (operating-system-default-essential-services) (hurd-default-essential-services): Substitute privileged-program-service-type for setuid-program-service-type. --- gnu/system.scm | 4 ++- [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system.scm (operating-system-default-essential-services) (hurd-default-essential-services): Substitute privileged-program-service-type for setuid-program-service-type. --- gnu/system.scm | 4 ++- [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/system.scm (operating-system-default-essential-services) (hurd-default-essential-services): Substitute privileged-program-service-type for setuid-program-service-type. --- gnu/system.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index 446439bcac..3b66847b4f 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -784,7 +784,7 @@ (define known-fs (operating-system-environment-variables os)) (host-name-service host-name) procs root-fs - (service setuid-program-service-type + (service privileged-program-service-type (operating-system-setuid-programs os)) (service profile-service-type (operating-system-packages os)) @@ -825,7 +825,7 @@ (define (hurd-default-essential-services os) (list `("hosts" ,hosts-file))) (service hosts-service-type (local-host-entries host-name))) - (service setuid-program-service-type + (service privileged-program-service-type (operating-system-setuid-programs os)) (service profile-service-type (operating-system-packages os))))) -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:59 2023 Received: from localhost ([127.0.0.1]:46995 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHO-0004gu-TO for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:59 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJHC-0004er-9w for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=UiCh72+qtEtjD cG567MZrChL3N6G3FPpI9BMMitY9AU=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=PZDKOxWdgoHSP/H2e7IuK2NhWUcziE9qaBKn1j WlDe+C+nU4VG5QVyjOu16XowZjMqM7w0hZCHS59ZlLFviypTsXLZxLaJuXDJGDGKWmmZls M8AFnpVMRDVNX0C+rKu0Gt60L6IPw+ssckMxPEXLpg9A45NjHHMvxvZpTDZgbukhidu5hG Ifg8Bqj0QQE+1vPw2kF2aAZUDe6WpCXVGnKWqzR+gyU1rp0BI2JBmSjANrNzPPwYaujhAB cPwukYsN7kvsXrNt0I0e59lpGueQZYKotFz5PzqpSzVL0GVQ0gWI0T7u71JHCPamLswW9/ 58socsOy1kuN5YirzIV8QkwQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 7ca668bf (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:38 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 08/10] services: Rename setuid-program-service-type. Date: Sun, 5 Feb 2023 01:00:17 +0100 Message-Id: <20230205000019.6259-8-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/services.scm (setuid-program->activation-gexp): Rename this… (privileged-program->activation-gexp): …to this. Operate on a list of <privileged-program> records. (privileged-program-service-t [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/services.scm (setuid-program->activation-gexp): Rename this… (privileged-program->activation-gexp): …to this. Operate on a list of <privileged-program> records. (privileged-program-service-t [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/services.scm (setuid-program->activation-gexp): Rename this… (privileged-program->activation-gexp): …to this. Operate on a list of <privileged-program> records. (privileged-program-service-type): New variable, renamed from setuid-program-service-type. Rename the service-type accordingly. (setuid-program-service-type): Redefine as an alias for the above. --- gnu/services.scm | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/gnu/services.scm b/gnu/services.scm index af9f4e1db6..09ff58dcd1 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -43,6 +43,7 @@ (define-module (gnu services) #:use-module (gnu packages base) #:use-module (gnu packages bash) #:use-module (gnu packages hurd) + #:use-module (gnu system privilege) #:use-module (gnu system setuid) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) @@ -110,7 +111,8 @@ (define-module (gnu services) extra-special-file etc-service-type etc-directory - setuid-program-service-type + privileged-program-service-type + setuid-program-service-type ; deprecated profile-service-type firmware-service-type gc-root-service-type @@ -810,17 +812,17 @@ (define (etc-service files) FILES must be a list of name/file-like object pairs." (service etc-service-type files)) -(define (setuid-program->activation-gexp programs) - "Return an activation gexp for setuid-program from PROGRAMS." +(define (privileged-program->activation-gexp programs) + "Return an activation gexp for privileged-program from PROGRAMS." (let ((programs (map (lambda (program) ;; FIXME This is really ugly, I didn't managed to use ;; "inherit" - (let ((program-name (setuid-program-program program)) - (setuid? (setuid-program-setuid? program)) - (setgid? (setuid-program-setgid? program)) - (user (setuid-program-user program)) - (group (setuid-program-group program)) ) - #~(setuid-program + (let ((program-name (privileged-program-program program)) + (setuid? (privileged-program-setuid? program)) + (setgid? (privileged-program-setgid? program)) + (user (privileged-program-user program)) + (group (privileged-program-group program)) ) + #~(privileged-program (setuid? #$setuid?) (setgid? #$setgid?) (user #$user) @@ -828,17 +830,17 @@ (define (setuid-program->activation-gexp programs) (program #$program-name)))) programs))) (with-imported-modules (source-module-closure - '((gnu system setuid))) + '((gnu system privilege))) #~(begin - (use-modules (gnu system setuid)) + (use-modules (gnu system privilege)) (activate-privileged-programs (list #$@programs)))))) -(define setuid-program-service-type - (service-type (name 'setuid-program) +(define privileged-program-service-type + (service-type (name 'privileged-program) (extensions (list (service-extension activation-service-type - setuid-program->activation-gexp))) + privileged-program->activation-gexp))) (compose concatenate) (extend (lambda (config extensions) (append config extensions))) @@ -850,6 +852,10 @@ (define setuid-program-service-type symbolic links to their @file{/run/privileged/bin} counterpart. It will be removed in a future Guix release."))) +(define setuid-program-service-type + ;; Deprecated alias to ease transition. Will be removed! + privileged-program-service-type) + (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." ;; XXX: 'mlet' is needed here for one reason: to get the proper -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:58 2023 Received: from localhost ([127.0.0.1]:46993 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHO-0004gl-D7 for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:58 -0500 Received: from tobias.gr ([80.241.217.52]:56712) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJHC-0004fL-50 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=CP4R0uizaioVl NgWaY78ttb7yEcrqQ3c62NXaROIVCU=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=hnx8m1+D35zItVtdMXAShhhs5G/F2AQP6onVMv lbmrZCtcZmcNKGaIS/16gIAKsfcZsQUIDw+PuNB7VhuXAwM50+vvG/8bMoMHwZ9lu3vISu YRcMoICOFDjgMIZeMGQ5kUFM3XA8DfqnDonfX8OcFfyqjx+/dX83l2ikqXDFkbKoCF6R1Y +DIpNAsY1rswLtt0MpxnyDdQyapkDyV2FkxCOwA9WNXI9iZ065gI8WhQRrz7K2CXhhmc7A EZhbShviOfF9lnj9umXpCeJAPGFe1jcHoJJT4p0ht30OLvYBydzzT2JAgBjLmimA8ow/h6 aGdTBxdmzMvP8jKJnh8iYXyQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 3798ac59 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:38 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 07/10] build: Rename activate-setuid-programs. Date: Sun, 5 Feb 2023 01:00:16 +0100 Message-Id: <20230205000019.6259-7-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program- [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program- [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller. --- gnu/build/activation.scm | 24 ++++++++++++------------ gnu/services.scm | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index af947a39fa..b5004a292c 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -27,7 +27,7 @@ (define-module (gnu build activation) #:use-module (gnu system accounts) - #:use-module (gnu system setuid) + #:use-module (gnu system privilege) #:use-module (gnu build accounts) #:use-module (gnu build linux-boot) #:use-module (guix build utils) @@ -41,7 +41,7 @@ (define-module (gnu build activation) #:export (activate-users+groups activate-user-home activate-etc - activate-setuid-programs + activate-privileged-programs activate-special-files activate-modprobe activate-firmware @@ -287,8 +287,8 @@ (define %privileged-program-directory ;; Place where privileged copies of programs are stored. "/run/privileged/bin") -(define (activate-setuid-programs programs) - "Turn PROGRAMS, a list of file setuid-programs records, into privileged +(define (activate-privileged-programs programs) + "Turn PROGRAMS, a list of file privileged-programs records, into privileged copies stored under %PRIVILEGED-PROGRAM-DIRECTORY." (define (ensure-empty-directory directory) (if (file-exists? directory) @@ -325,11 +325,11 @@ (define (make-deprecated-wrapper program) (for-each (lambda (program) (catch 'system-error (lambda () - (let* ((program-name (setuid-program-program program)) - (setuid? (setuid-program-setuid? program)) - (setgid? (setuid-program-setgid? program)) - (user (setuid-program-user program)) - (group (setuid-program-group program)) + (let* ((program-name (privileged-program-program program)) + (setuid? (privileged-program-setuid? program)) + (setgid? (privileged-program-setgid? program)) + (user (privileged-program-user program)) + (group (privileged-program-group program)) (uid (match user ((? string?) (passwd:uid (getpwnam user))) ((? integer?) user))) @@ -339,13 +339,13 @@ (define (make-deprecated-wrapper program) (make-privileged-program program-name setuid? setgid? uid gid) (make-deprecated-wrapper program-name))) (lambda args - ;; If we fail to create a setuid program, better keep going + ;; If we fail to create a privileged program, better keep going ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty ;; or half-populated. This can happen if PROGRAMS contains ;; incorrect file names: <https://bugs.gnu.org/38800>. (format (current-error-port) - "warning: failed to make ~s setuid/setgid: ~a~%" - (setuid-program-program program) + "warning: failed to privilege ~s: ~a~%" + (privileged-program-program program) (strerror (system-error-errno args)))))) programs)) diff --git a/gnu/services.scm b/gnu/services.scm index 26546e1369..af9f4e1db6 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -832,7 +832,7 @@ (define (setuid-program->activation-gexp programs) #~(begin (use-modules (gnu system setuid)) - (activate-setuid-programs (list #$@programs)))))) + (activate-privileged-programs (list #$@programs)))))) (define setuid-program-service-type (service-type (name 'setuid-program) -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:58 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:58 2023 Received: from localhost ([127.0.0.1]:46991 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHN-0004ge-U9 for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:58 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJHA-0004er-VA for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=psf3+9hskKmc4 gmp9MlQ/eYR0LxMPKCwbeVkoVKCs28=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=GSyODlzIf7R9yYAqQNpMr5guInvFdMZWDB60et xIycDe+SDDhJaar3RJFrBY/EZmv4zWrQXhICoHtIA2MUfdluKZNSd90tLtPqClmisUoERZ 3r85v7oeWfuuVCdNnQWTZBCK5ev+5ynAatM0HAEXi4f+RmsIsgNV+x3ZqvNZBjldErGqg7 Z7Midh3/dj5arJF1knMjtAgoQx6y+Ix2/UIaSvO8RihCPfD9kWoywQ2vWuL/AvOIB4qjVu lT+o30g7RInAtV+UMegSo7ni+0uMbbqWJqCxJOSpFivI04/ue7XW/IvIfHaFZWRT1DSnHe O2Kh7PfFxkNAZQXd9rySrfYg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 74b6d0c1 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:38 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 05/10] system: Add (gnu system privilege). Date: Sun, 5 Feb 2023 01:00:14 +0100 Message-Id: <20230205000019.6259-5-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system/privilege.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 ins [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system/privilege.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 ins [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/system/privilege.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 gnu/system/privilege.scm diff --git a/gnu/local.mk b/gnu/local.mk index cdb99813d0..acf74cd9ae 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -723,6 +723,7 @@ GNU_SYSTEM_MODULES = \ %D%/system/mapped-devices.scm \ %D%/system/nss.scm \ %D%/system/pam.scm \ + %D%/system/privilege.scm \ %D%/system/setuid.scm \ %D%/system/shadow.scm \ %D%/system/uuid.scm \ diff --git a/gnu/system/privilege.scm b/gnu/system/privilege.scm new file mode 100644 index 0000000000..d89d5d5d1c --- /dev/null +++ b/gnu/system/privilege.scm @@ -0,0 +1,58 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN> +;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu system privilege) + #:use-module (guix records) + #:export (privileged-program + privileged-program? + privileged-program-program + privileged-program-setuid? + privileged-program-setgid? + privileged-program-user + privileged-program-group + privileged-program-capabilities)) + +;;; Commentary: +;;; +;;; Data structures representing privileged programs: binaries with additional +;;; permissions such as setuid/setgid, or POSIX capabilities. This is meant to +;;; be used both on the host side and at run time--e.g., in activation snippets. +;;; +;;; Code: + +(define-record-type* <privileged-program> + privileged-program make-privileged-program + privileged-program? + ;; File name of the program to assign elevated privileges. + (program privileged-program-program) ;file-like + ;; Whether to set the setuid (‘set user ID’) bit. + (setuid? privileged-program-setuid? ;boolean + (default #f)) + ;; Whether to set the setgid (‘set group ID’) bit. + (setgid? privileged-program-setgid? ;boolean + (default #f)) + ;; The user name or ID this should be set to (defaults to root's). + (user privileged-program-user ;integer or string + (default 0)) + ;; The group name or ID we want to set this to (defaults to root's). + (group privileged-program-group ;integer or string + (default 0)) + ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none). + (capabilities privileged-program-capabilities ;string or #f + (default #f))) -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:58 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:57 2023 Received: from localhost ([127.0.0.1]:46989 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHN-0004gb-HY for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:57 -0500 Received: from tobias.gr ([80.241.217.52]:56712) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJHB-0004fL-3Z for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:45 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=Gimrxke5k7zXk 9AqjKCbfsMiVv2jvCsoa8oU48wIIl8=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=XdXqCqz0o/i4fyfYCAhhs+26uoID9qlK8OCNfM wX6p5JhT+Zj0hsaqmbEUBDBCzUJwXA4RaWQz1khxKMyX3HO+GETp5DE2Ag2emEg4lHsAII o2oaT2iFowoMfM5wUBlZmlMSv8BciG83aUEvUtWGPhZ6FKVu5swTZEMuxddj+RRaB20ALC 7ABnW44ReLhi0OAPp8jVSSzDqUIPUHkV0giTSVrvZ3qmK8jzNSYK72nyrsC+cp9deOtqZH pOj6nKrdrbRIQxaITBMdam0TnAKqpeLd9WBX1DjacNzZ9XDhG89Geiwqt7XDHUvkvn+U3L +PkRqXpF/D/pD7+Mf7z934Wg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 897b2e73 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:38 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 06/10] system: (gnu system setuid) wraps (gnu system privilege). Date: Sun, 5 Feb 2023 01:00:15 +0100 Message-Id: <20230205000019.6259-6-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a <privileged-program> record that is setuid by default. (setuid-program?, setuid-program-program, setuid-program-setuid?) (setuid [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a <privileged-program> record that is setuid by default. (setuid-program?, setuid-program-program, setuid-program-setuid?) (setuid [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a <privileged-program> record that is setuid by default. (setuid-program?, setuid-program-program, setuid-program-setuid?) (setuid-program-setgid?, setuid-program-user, setuid-program-group): Alias their privileged-program equivalent. --- gnu/system/setuid.scm | 44 +++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/gnu/system/setuid.scm b/gnu/system/setuid.scm index 83111d932c..4dd0cc8962 100644 --- a/gnu/system/setuid.scm +++ b/gnu/system/setuid.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN> +;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN> ;;; ;;; This file is part of GNU Guix. ;;; @@ -17,7 +18,9 @@ ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu system setuid) - #:use-module (guix records) + #:use-module (gnu system privilege) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) #:export (setuid-program setuid-program? setuid-program-program @@ -30,28 +33,29 @@ (define-module (gnu system setuid) ;;; Commentary: ;;; -;;; Data structures representing setuid/setgid programs. This is meant to be -;;; used both on the host side and at run time--e.g., in activation snippets. +;;; Do not use this module in new code. It used to define data structures +;;; representing setuid/setgid programs, but is now a mere compatibility shim +;;; wrapping a subset of (gnu system privilege). ;;; ;;; Code: -(define-record-type* <setuid-program> - setuid-program make-setuid-program - setuid-program? - ;; Path to program to link with setuid permissions - (program setuid-program-program) ;file-like - ;; Whether to set user setuid bit - (setuid? setuid-program-setuid? ;boolean - (default #t)) - ;; Whether to set group setgid bit - (setgid? setuid-program-setgid? ;boolean - (default #f)) - ;; The user this should be set to (defaults to root) - (user setuid-program-user ;integer or string - (default 0)) - ;; Group we want to set this to (defaults to root) - (group setuid-program-group ;integer or string - (default 0))) +(define-syntax setuid-program + (lambda (fields) + (syntax-case fields () + ((_ (field value) ...) + #`(privileged-program + (setuid? (match (assoc-ref '((field value) ...) 'setuid?) + ((#f) #f) + (_ #t))) + #,@(remove (match-lambda ((f _) (eq? (syntax->datum f) 'setuid?))) + #'((field value) ...))))))) + +(define setuid-program? privileged-program?) +(define setuid-program-program privileged-program-program) +(define setuid-program-setuid? privileged-program-setuid?) +(define setuid-program-setgid? privileged-program-setgid?) +(define setuid-program-user privileged-program-user) +(define setuid-program-group privileged-program-group) (define (file-like->setuid-program program) (setuid-program (program program))) -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:49 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:49 2023 Received: from localhost ([127.0.0.1]:46985 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHE-0004g7-7V for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:49 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJH9-0004er-FU for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=MdIrDXRD3KeLA sJNr0MbX4dUrdxz/LxqjopPmyFijds=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=mbTSi8QkOnUTskudabx2V7ht73fNdEFaRh3tvh 6WCvUY0r4rzPLXi0obaDfAsXtmerJ9Ph+8cy9OEhPb1EmN0CMqEBaq/F1J1iji7k1zp36G DmYr72/Qx89zciFt8eCgYkMw2IcEYjWYqTnjgGmg86mr/2tBvoLFjfQcUFWVLWTVvwkO/W EHN/pAxZ2oBXxVS/HuWcHTu2cp4cfy8ye/MZz3XXvduiA3BUkf1OozQd7EZGWS6/rdLDRa 4lb/6sXSf81oqPh0mF2IvBXOsqexZ/ZWcmbAj7vA47E5B7GZgJBe7joYgJXkJAv1Kq+Kz9 T9WHOh8PV0t1a0TH4YID45wA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 956a4c16 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:38 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 04/10] gnu: Replace (almost) all uses of /run/setuid-programs. Date: Sun, 5 Feb 2023 01:00:13 +0100 Message-Id: <20230205000019.6259-4-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: …those good for master, anyway. * gnu/packages/admin.scm (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise. * gnu/packages/ [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: …those good for master, anyway. * gnu/packages/admin.scm (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise. * gnu/packages/ [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager …those good for master, anyway. * gnu/packages/admin.scm (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise. * gnu/packages/debian.scm (pbuilder)[arguments]: Likewise. * gnu/packages/disk.scm (udevil)[arguments]: Likewise. * gnu/packages/enlightenment.scm (efl, enlightenment) [arguments]: Likewise. * gnu/packages/gnome.scm (gdm, gnome-control-center) [arguments]: Likewise. * gnu/packages/linux.scm (singularity)[arguments]: Likewise. * gnu/packages/lxde.scm (spacefm)[arguments]: Likewise. * gnu/packages/monitoring.scm (zabbix-agentd)[arguments]: Likewise. * gnu/packages/virtualization.scm (ganeti)[arguments]: Likewise. * gnu/packages/xdisorg.scm (xsecurelock)[arguments]: Likewise. * gnu/services/dbus.scm (dbus-configuration-directory): Likewise. * gnu/services/ganeti.scm (%default-ganeti-environment-variables): Likewise. * gnu/services/monitoring.scm (zabbix-agent-shepherd-service): Likewise. * gnu/tests/ldap.scm (marionette): Likewise. * gnu/tests/monitoring.scm (os): Likewise. --- gnu/machine/ssh.scm | 2 ++ gnu/packages/admin.scm | 6 +++--- gnu/packages/containers.scm | 2 +- gnu/packages/debian.scm | 4 ++-- gnu/packages/disk.scm | 14 +++++++------- gnu/packages/enlightenment.scm | 10 +++++----- gnu/packages/gnome.scm | 4 ++-- gnu/packages/linux.scm | 2 +- gnu/packages/lxde.scm | 19 ++++++++----------- gnu/packages/monitoring.scm | 2 +- gnu/packages/virtualization.scm | 2 +- gnu/packages/xdisorg.scm | 2 +- gnu/services/dbus.scm | 2 +- gnu/services/ganeti.scm | 2 +- gnu/services/monitoring.scm | 2 +- gnu/tests/ldap.scm | 2 +- gnu/tests/monitoring.scm | 4 ++-- 17 files changed, 40 insertions(+), 41 deletions(-) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 343cf74748..26ea787e29 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -177,6 +177,8 @@ (define (machine-become-command machine) (if (string= "root" (machine-ssh-configuration-user (machine-configuration machine))) '() + ;; Use the old setuid-programs location until the remote is likely to + ;; have the new /run/privileged one in place. '("/run/setuid-programs/sudo" "-n" "--"))) (define (managed-host-remote-eval machine exp) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 3d0886aba8..c022e9224c 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -199,7 +199,7 @@ (define-public ktsuss (lambda _ (substitute* "configure.ac" (("supath=`which su 2>/dev/null`") - "supath=/run/setuid-programs/su")) + "supath=/run/privileged/bin/su")) #t))))) (native-inputs (list autoconf automake libtool pkg-config)) @@ -2086,7 +2086,7 @@ (define-public opendoas (substitute* "doas.c" (("safepath =" match) (string-append match " \"" - "/run/setuid-programs:" + "/run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin:" "\" "))))) @@ -4863,7 +4863,7 @@ (define-public hosts ":" (assoc-ref %build-inputs "grep") "/bin" ":" (assoc-ref %build-inputs "ncurses") "/bin" ":" (assoc-ref %build-inputs "sed") "/bin" - ":" "/run/setuid-programs" + ":" "/run/privileged/bin" ":" (getenv "PATH"))) (substitute* "hosts" (("#!/usr/bin/env bash") diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index 3982f4f059..8976ca3b20 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm @@ -236,7 +236,7 @@ (define-public slirp4netns (add-after 'unpack 'fix-hardcoded-paths (lambda _ (substitute* (find-files "tests" "\\.sh") - (("ping") "/run/setuid-programs/ping"))))))) + (("ping") "/run/privileged/bin/ping"))))))) (inputs (list glib libcap diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm index 4319d3a518..308f2bc286 100644 --- a/gnu/packages/debian.scm +++ b/gnu/packages/debian.scm @@ -493,8 +493,8 @@ (define-public pbuilder (lambda () (format #t "# A couple of presets to make this work more smoothly.~@ MIRRORSITE=\"http://deb.debian.org/debian\"~@ - if [ -r /run/setuid-programs/sudo ]; then~@ - PBUILDERROOTCMD=\"/run/setuid-programs/sudo -E\"~@ + if [ -r /run/privileged/bin/sudo ]; then~@ + PBUILDERROOTCMD=\"/run/privileged/bin/sudo -E\"~@ fi~@ PBUILDERSATISFYDEPENDSCMD=\"~a/lib/pbuilder/pbuilder-satisfydepends-apt\"~%" #$output))))) diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm index f9fe9c5989..4f78a3aa9e 100644 --- a/gnu/packages/disk.scm +++ b/gnu/packages/disk.scm @@ -198,10 +198,10 @@ (define-public udevil ;; udevil expects these programs to be run with uid set as root. ;; user has to manually add these programs to setuid-programs. ;; mount and umount are default setuid-programs in guix system. - "--with-mount-prog=/run/setuid-programs/mount" - "--with-umount-prog=/run/setuid-programs/umount" - "--with-losetup-prog=/run/setuid-programs/losetup" - "--with-setfacl-prog=/run/setuid-programs/setfacl") + "--with-mount-prog=/run/privileged/bin/mount" + "--with-umount-prog=/run/privileged/bin/umount" + "--with-losetup-prog=/run/privileged/bin/losetup" + "--with-setfacl-prog=/run/privileged/bin/setfacl") #:phases (modify-phases %standard-phases (add-after 'unpack 'remove-root-reference @@ -212,12 +212,12 @@ (define-public udevil (add-after 'unpack 'patch-udevil-reference ;; udevil expects itself to be run with uid set as root. ;; devmon also expects udevil to be run with uid set as root. - ;; user has to manually add udevil to setuid-programs. + ;; user has to manually add udevil to privileged-programs. (lambda _ (substitute* "src/udevil.c" - (("/usr/bin/udevil") "/run/setuid-programs/udevil")) + (("/usr/bin/udevil") "/run/privileged/bin/udevil")) (substitute* "src/devmon" - (("`which udevil 2>/dev/null`") "/run/setuid-programs/udevil")) + (("`which udevil 2>/dev/null`") "/run/privileged/bin/udevil")) #t))))) (native-inputs (list intltool pkg-config)) diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm index a08ad05143..0bb6bf3bcc 100644 --- a/gnu/packages/enlightenment.scm +++ b/gnu/packages/enlightenment.scm @@ -150,8 +150,8 @@ (define-public efl "-Dbuild-examples=false" "-Decore-imf-loaders-disabler=scim" "-Dglib=true" - "-Dmount-path=/run/setuid-programs/mount" - "-Dunmount-path=/run/setuid-programs/umount" + "-Dmount-path=/run/privileged/bin/mount" + "-Dunmount-path=/run/privileged/bin/umount" "-Dnetwork-backend=connman" ,,@(if (member (%current-system) (package-transitive-supported-systems luajit)) @@ -339,7 +339,7 @@ (define-public enlightenment (substitute* '("src/bin/e_sys_main.c" "src/bin/e_util_suid.h") (("PATH=/bin:/usr/bin:/sbin:/usr/sbin") - (string-append "PATH=/run/setuid-programs:" + (string-append "PATH=/run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin"))) (substitute* "src/modules/everything/evry_plug_calc.c" @@ -348,8 +348,8 @@ (define-public enlightenment (("libddcutil\\.so\\.?" libddcutil) (string-append ddcutil "/lib/" libddcutil))) (substitute* "data/etc/meson.build" - (("/bin/mount") "/run/setuid-programs/mount") - (("/bin/umount") "/run/setuid-programs/umount") + (("/bin/mount") "/run/privileged/bin/mount") + (("/bin/umount") "/run/privileged/bin/umount") (("/usr/bin/eject") "/run/current-system/profile/bin/eject")) (substitute* "src/bin/system/e_system_power.c" (("systemctl") "loginctl")))))))) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 19a96ef9f4..1891e9bf11 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -9013,7 +9013,7 @@ (define-public gdm "--localstatedir=/var" (string-append "-Ddefault-path=" - (string-join '("/run/setuid-programs" + (string-join '("/run/privileged/bin" "/run/current-system/profile/bin" "/run/current-system/profile/sbin") ":")) @@ -9290,7 +9290,7 @@ (define-public gnome-control-center inputs "bin/nm-connection-editor")))) (substitute* "panels/user-accounts/run-passwd.c" (("/usr/bin/passwd") - "/run/setuid-programs/passwd")) + "/run/privileged/bin/passwd")) (substitute* "panels/info-overview/cc-info-overview-panel.c" (("DATADIR \"/gnome/gnome-version.xml\"") (format #f "~s" (search-input-file diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 13e2ca9493..19c68cc429 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -5027,7 +5027,7 @@ (define-public singularity (substitute* (find-files "libexec/cli" "\\.exec$") (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid" _ program) - (string-append "/run/setuid-programs/singularity-" + (string-append "/run/privileged/bin/singularity-" program "-helper"))) ;; These squashfs mount options are apparently no longer diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm index 0657db6eb8..9b380ede0e 100644 --- a/gnu/packages/lxde.scm +++ b/gnu/packages/lxde.scm @@ -372,26 +372,23 @@ (define-public spacefm (substitute* '("mime-type/mime-type.c" "ptk/ptk-file-menu.c") (("/usr(/local)?/share/mime") mime))) #t))) - (add-after 'patch-mime-dirs 'patch-setuid-progs + (add-after 'patch-mime-dirs 'patch-privileged-programs (lambda _ - (let* ((su "/run/setuid-programs/su") - (mount "/run/setuid-programs/mount") - (umount "/run/setuid-programs/umount") - (udevil "/run/setuid-programs/udevil")) + (let ((privileged (lambda (command) + (string-append "/run/privileged/bin/" + command)))) (with-directory-excursion "src" (substitute* '("settings.c" "settings.h" "vfs/vfs-file-task.c" "vfs/vfs-volume-hal.c" "../data/ui/prefdlg.ui" "../data/ui/prefdlg2.ui") - (("(/usr)?/bin/su") su) - (("/(bin|sbin)/mount") mount) - (("/(bin|sbin)/umount") umount) - (("/usr/bin/udevil") udevil))) + (("(/usr)?/s?bin/(mount|umount|su|udevil)" _ _ command) + (privileged command)))) #t))) - (add-after 'patch-setuid-progs 'patch-spacefm-conf + (add-after 'patch-privileged-programs 'patch-spacefm.conf (lambda* (#:key inputs #:allow-other-keys) (substitute* "etc/spacefm.conf" (("#terminal_su=/bin/su") - "terminal_su=/run/setuid-programs/su") + "terminal_su=/run/privileged/bin/su") (("#graphical_su=/usr/bin/gksu") (string-append "graphical_su=" (search-input-file inputs "/bin/ktsuss"))))))) diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm index 74ec7b6cdf..2571994624 100644 --- a/gnu/packages/monitoring.scm +++ b/gnu/packages/monitoring.scm @@ -187,7 +187,7 @@ (define-public zabbix-agentd "src/zabbix_server/server.c") ;; 'fping' must be setuid, so look for it in the usual location. (("/usr/sbin/fping6?") - "/run/setuid-programs/fping"))))) + "/run/privileged/bin/fping"))))) (build-system gnu-build-system) (arguments (list #:configure-flags diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 64a26edb02..ac1d0f3cd3 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -761,7 +761,7 @@ (define-public ganeti ;; hard coded PATH. Patch so it works on Guix System. (substitute* "src/Ganeti/Constants.hs" (("/sbin:/bin:/usr/sbin:/usr/bin") - "/run/setuid-programs:/run/current-system/profile/sbin:\ + "/run/privileged/bin:/run/current-system/profile/sbin:\ /run/current-system/profile/bin")))) (add-after 'bootstrap 'patch-sphinx-version-detection (lambda _ diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 2ebeb4e013..d53329b243 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -2434,7 +2434,7 @@ (define-public xsecurelock '(#:configure-flags '("--with-pam-service-name=login" "--with-xkb" - "--with-default-authproto-module=/run/setuid-programs/authproto_pam"))) + "--with-default-authproto-module=/run/privileged/bin/authproto_pam"))) (native-inputs (list pandoc pkg-config)) (inputs diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 5efd6bdadf..cb1c94a607 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -114,7 +114,7 @@ (define (services->sxml services) ;; failures such as <https://issues.guix.gnu.org/52051> on slow ;; computers with slow I/O. (limit (@ (name "auth_timeout")) "300000") - (servicehelper "/run/setuid-programs/dbus-daemon-launch-helper") + (servicehelper "/run/privileged/bin/dbus-daemon-launch-helper") ;; First, the '.service' files of services subject to activation. ;; We use a fixed location under /etc because the setuid helper diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm index f4fec3833e..ee72946c88 100644 --- a/gnu/services/ganeti.scm +++ b/gnu/services/ganeti.scm @@ -182,7 +182,7 @@ (define-module (gnu services ganeti) ;; Ceph, Gluster, etc, without having to add absolute references to everything. (define %default-ganeti-environment-variables (list (string-append "PATH=" - (string-join '("/run/setuid-programs" + (string-join '("/run/privileged/bin" "/run/current-system/profile/sbin" "/run/current-system/profile/bin") ":")))) diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 44e2e8886c..b86b0ab87d 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -544,7 +544,7 @@ (define (zabbix-agent-shepherd-service config) /etc/ssl/certs" "SSL_CERT_FILE=/run/current-system/profile\ /etc/ssl/certs/ca-certificates.crt" - "PATH=/run/setuid-programs:\ + "PATH=/run/privileged/bin:\ /run/current-system/profile/bin:/run/current-system/profile/sbin"))) (stop #~(make-kill-destructor))))) diff --git a/gnu/tests/ldap.scm b/gnu/tests/ldap.scm index 47e77c0c53..d5ab6899cf 100644 --- a/gnu/tests/ldap.scm +++ b/gnu/tests/ldap.scm @@ -144,7 +144,7 @@ (define marionette (test-assert "Can become LDAP user" (marionette-eval - '(zero? (system* "/run/setuid-programs/su" "eva" "-c" + '(zero? (system* "/run/privileged/bin/su" "eva" "-c" #$(file-append coreutils "/bin/true"))) marionette)) diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm index ae0a8e0845..f5e3f591a7 100644 --- a/gnu/tests/monitoring.scm +++ b/gnu/tests/monitoring.scm @@ -189,11 +189,11 @@ (define marionette (start-service 'postgres)) marionette)) - ;; Add /run/setuid-programs to $PATH so that the scripts passed to + ;; Add privileged programs to $PATH so that the scripts passed to ;; 'system' can find 'sudo'. (marionette-eval '(setenv "PATH" - "/run/setuid-programs:/run/current-system/profile/bin") + "/run/privileged/bin:/run/current-system/profile/bin") marionette) (test-eq "postgres create zabbix user" -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:48 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:48 2023 Received: from localhost ([127.0.0.1]:46981 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHD-0004fo-DC for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:48 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJH8-0004er-Nv for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=/ZvZmy/pvEiAm 9YO/43GCSLV5M9Er831E37Xv1M/Sdk=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=GEFf1Q6WdmBPh3QQdYXLCKBQZf+pbjYPbPmVHs Ix5wNVC8HKAOUTjA/nzZPGpsAY84NlBAE5B/x62MScib21pXqYj2JtYpDvSBYNjOp7ntNK amxujQZJaGvYcx4P2n31B0NTBUs16C1xAd5n4F/lkdjE3HS00zYxCjHvKjb4edkQU+UojQ YoMfQ9hTb0wQyscr6XH5SBd4Ny653GqdvxXPEeSZV7rlhlBBbDGJr4F7jkenpvhP3uYlBf R/M3MuHQ2I6MD8R2k+lhjknvw6xZA8OlKHY/B4O/b2qmztwMo7bdfE1CngmdpUus77bopk zX6VWn6OezmbxgAEaEBG85xg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id c669f1a1 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:38 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 03/10] system: Use /run/privileged/bin in search paths. Date: Sun, 5 Feb 2023 01:00:12 +0100 Message-Id: <20230205000019.6259-3-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system.scm (operating-system-etc-service): Substitute /run/privileged/bin for deprecated /run/setuid-programs. --- gnu/system.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index 85380136e2..446439bcac 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -987, 10 +987, 10 @@ (define* (operating-system-etc-service os) (plain-file [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/system.scm (operating-system-etc-service): Substitute /run/privileged/bin for deprecated /run/setuid-programs. --- gnu/system.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index 85380136e2..446439bcac 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -987,10 +987,10 @@ (define* (operating-system-etc-service os) (plain-file [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager * gnu/system.scm (operating-system-etc-service): Substitute /run/privileged/bin for deprecated /run/setuid-programs. --- gnu/system.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index 85380136e2..446439bcac 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -987,10 +987,10 @@ (define* (operating-system-etc-service os) (plain-file "login.defs" (string-append "# Default paths for non-login shells started by su(1).\n" - "ENV_PATH /run/setuid-programs:" + "ENV_PATH /run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin\n" - "ENV_SUPATH /run/setuid-programs:" + "ENV_SUPATH /run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin\n" @@ -1054,8 +1054,8 @@ (define* (operating-system-etc-service os) fi done -# Prepend setuid programs. -export PATH=/run/setuid-programs:$PATH +# Prepend privileged programs. +export PATH=/run/privileged/bin:$PATH # Arrange so that ~/.config/guix/current/share/info comes first. export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\" -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:47 2023 Received: from localhost ([127.0.0.1]:46975 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJHC-0004ff-BF for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:47 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJH7-0004er-Fr for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=5tFfkKxpMd3bB bpVZiikglYPcukrEKCFJmRToqyzCmk=; h=references:in-reply-to:date: subject:to:from; d=tobias.gr; b=l5VUS6v/IYrPOtpvmBUkXmp7Z97RkH02Dra6eU dIrkQKehdliLfTGLrAyok0JX9bVxd63KZFEd5ri8fgs65FLPTtXP9NYVq40G630/rta8uJ 4wOuv7yzkkE8Au99he1ezQl6p7VOLTk45k+OkfBvRXMQs9ZMqVUWTUIhVxkaTzb4fyBxe0 Bd5w4pgqUK+jGiYcY9gL3S0B2E5sg27hzaVA/jZ0A4LmEtKaiV73yNlfdg+OBlNdjeFRZX u/uUwVLrGQyspZ0TvTP857uowe45czH5cq0yqmnnPC+SU+yPNh1XpL0GLOzMsXNaGiL6f1 W2S4P8hGY0IKg9PvndjsqtOA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id ab3c4ee2 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:37 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 02/10] services: setuid-program: Populate /run/privileged/bin. Date: Sun, 5 Feb 2023 01:00:11 +0100 Message-Id: <20230205000019.6259-2-me@HIDDEN> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230205000019.6259-1-me@HIDDEN> References: <20230205000019.6259-1-me@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly. --- doc/guix.texi | 2 +- gnu/build/activation.scm | 54 ++++++++++++++++++++++++++-------------- gnu/services.scm | 9 +++++-- 3 files changed, 44 insertions(+), 21 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 44e2165a82..009bcf5d40 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -38219,7 +38219,7 @@ The list includes commands such as @command{passwd}, @command{ping}, @end defvar Under the hood, the actual setuid programs are created in the -@file{/run/setuid-programs} directory at system activation time. The +@file{/run/privileged/bin} directory at system activation time. The files in this directory refer to the ``real'' binaries, which are in the store. diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index eea2233563..af947a39fa 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2021 Maxime Devos <maximedevos@HIDDEN> ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@HIDDEN> ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN> +;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN> ;;; ;;; This file is part of GNU Guix. ;;; @@ -278,14 +279,29 @@ (define (rm-f file) string<?))) (define %setuid-directory - ;; Place where setuid programs are stored. + ;; Place where setuid programs used to be stored. It exists for backwards + ;; compatibility & will be removed. Use %PRIVILEGED-PROGRAM-DIRECTORY instead. "/run/setuid-programs") +(define %privileged-program-directory + ;; Place where privileged copies of programs are stored. + "/run/privileged/bin") + (define (activate-setuid-programs programs) - "Turn PROGRAMS, a list of file setuid-programs record, into setuid programs -stored under %SETUID-DIRECTORY." - (define (make-setuid-program program setuid? setgid? uid gid) - (let ((target (string-append %setuid-directory + "Turn PROGRAMS, a list of file setuid-programs records, into privileged +copies stored under %PRIVILEGED-PROGRAM-DIRECTORY." + (define (ensure-empty-directory directory) + (if (file-exists? directory) + (for-each (compose delete-file + (cut string-append directory "/" <>)) + (scandir directory + (lambda (file) + (not (member file '("." "..")))) + string<?)) + (mkdir-p directory)) ) + + (define (make-privileged-program program setuid? setgid? uid gid) + (let ((target (string-append %privileged-program-directory "/" (basename program))) (mode (+ #o0555 ; base permissions (if setuid? #o4000 0) ; setuid bit @@ -294,16 +310,17 @@ (define (make-setuid-program program setuid? setgid? uid gid) (chown target uid gid) (chmod target mode))) - (format #t "setting up setuid programs in '~a'...~%" - %setuid-directory) - (if (file-exists? %setuid-directory) - (for-each (compose delete-file - (cut string-append %setuid-directory "/" <>)) - (scandir %setuid-directory - (lambda (file) - (not (member file '("." "..")))) - string<?)) - (mkdir-p %setuid-directory)) + (define (make-deprecated-wrapper program) + ;; This will eventually become a script that warns on usage, then vanish. + (symlink (string-append %privileged-program-directory + "/" (basename program)) + (string-append %setuid-directory + "/" (basename program)))) + + (format #t "setting up privileged program in '~a'...~%" + %privileged-program-directory) + (ensure-empty-directory %privileged-program-directory) + (ensure-empty-directory %setuid-directory) (for-each (lambda (program) (catch 'system-error @@ -319,11 +336,12 @@ (define (make-setuid-program program setuid? setgid? uid gid) (gid (match group ((? string?) (group:gid (getgrnam group))) ((? integer?) group)))) - (make-setuid-program program-name setuid? setgid? uid gid))) + (make-privileged-program program-name setuid? setgid? uid gid) + (make-deprecated-wrapper program-name))) (lambda args ;; If we fail to create a setuid program, better keep going - ;; so that we don't leave %SETUID-DIRECTORY empty or - ;; half-populated. This can happen if PROGRAMS contains + ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty + ;; or half-populated. This can happen if PROGRAMS contains ;; incorrect file names: <https://bugs.gnu.org/38800>. (format (current-error-port) "warning: failed to make ~s setuid/setgid: ~a~%" diff --git a/gnu/services.scm b/gnu/services.scm index 2abef557d4..26546e1369 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@HIDDEN> ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@HIDDEN> ;;; Copyright © 2020, 2021 Brice Waegeneire <brice@HIDDEN> +;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN> ;;; ;;; This file is part of GNU Guix. ;;; @@ -842,8 +843,12 @@ (define setuid-program-service-type (extend (lambda (config extensions) (append config extensions))) (description - "Populate @file{/run/setuid-programs} with the specified -executables, making them setuid and/or setgid."))) + "Copy the specified executables to @file{/run/privileged/bin} +and apply special privileges like setuid and/or setgid. + +The deprecated @file{/run/setuid-programs} directory is also populated with +symbolic links to their @file{/run/privileged/bin} counterpart. It will be +removed in a future Guix release."))) (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:42 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:48:42 2023 Received: from localhost ([127.0.0.1]:46965 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJH7-0004f0-Tz for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:42 -0500 Received: from tobias.gr ([80.241.217.52]:55494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJH6-0004er-Kl for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=nF/hgv2p6t9O6 lO+N6CZRtIf9bo+/k1f6ne11MF0Llk=; h=date:subject:to:from; d=tobias.gr; b=Bsz/HHCy1TT4VpnuoTFD4qN5S6yazi1zKhqT/04b674+6Nwkn/19Ezh6iXSXJb7LNUIQ PwlPT6go/XkD77z8kfm5q3kyhHY2sUMhb/zjIFlUGDQK5SJ3viEURiKbo5NiTxzo3uwhsZ 4pxiW+dMnPC2l23bgyb+8UMwSZmTvym8/NGZiGLfIZK0XeqlnC7Qx6RE93AapUxn47Kf1o 6qMfKvACRt44LRbwb0pfdoEh+KELn9gs2egV1HSTuLG572AhSdYC3dM+3ECqka1RRTyCBD eSeZinPsuckN67T75egImLIZ784/YDI876sCWM5EspmrAm5FVEP8O/OA/ewf8eKQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 75cd3a89 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>; Sun, 12 Feb 2023 20:48:37 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: 61462 <at> debbugs.gnu.org Subject: [PATCH 01/10] system: Disallow file-like setuid-programs. Date: Sun, 5 Feb 2023 01:00:10 +0100 Message-Id: <20230205000019.6259-1-me@HIDDEN> X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. --- gnu/system.scm | [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 61462 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.1 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. --- gnu/system.scm | [...] Content analysis details: (1.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. --- gnu/system.scm | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index df60fda53b..85380136e2 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -297,8 +297,7 @@ (define-record-type* <operating-system> operating-system (pam-services operating-system-pam-services ; list of PAM services (default (base-pam-services))) (setuid-programs operating-system-setuid-programs - (default %setuid-programs) ; list of <setuid-program> - (sanitize ensure-setuid-program-list)) + (default %setuid-programs)) ; list of <setuid-program> (sudoers-file operating-system-sudoers-file ; file-like (default %sudoers-specification)) @@ -1214,31 +1213,6 @@ (define (operating-system-environment-variables os) ;; TODO: Remove when glibc@HIDDEN is long gone. ("GUIX_LOCPATH" . "/run/current-system/locale"))) -;; Ensure LST is a list of <setuid-program> records and warn otherwise. -(define-with-syntax-properties (ensure-setuid-program-list (lst properties)) - (%ensure-setuid-program-list lst properties)) - -;; We want to be able to use defines, so define a procedure. -(define (%ensure-setuid-program-list lst properties) - (define warned? #f) - - (define (warn-once) - (unless warned? - (warning (source-properties->location properties) - (G_ "representing setuid programs with file-like objects is \ -deprecated; use 'setuid-program' instead~%")) - (set! warned? #t))) - - (map (match-lambda - ((? setuid-program? program) - program) - (program - ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo - ;; "/bin/bar"). - (warn-once) - (setuid-program (program program)))) - lst)) - (define %setuid-programs ;; Default set of setuid-root programs. (let ((shadow (@ (gnu packages admin) shadow))) base-commit: 2b1383c0a2f79117103b142440c64f6a751d545d prerequisite-patch-id: 886fb4af654b597857d992a7c1e9c4bcc8bf5ab6 prerequisite-patch-id: 159d9e2558e5fb2dfc1d7442440e154dba14e500 prerequisite-patch-id: 2a1dffe5206b8a67cc544267d4ce4ddd23f3f290 prerequisite-patch-id: 992a4004d5fc0c427696da0b142942008c987083 prerequisite-patch-id: ee47c54ab1f9c72ee6974eca16aa311c80601048 prerequisite-patch-id: b50c71d9cc8fb39d18f448d9db6d61eca9f0f25b prerequisite-patch-id: 15aab9bfe126cf392055f82d0831ad2bd8622ad4 prerequisite-patch-id: 83928f7dc391bf556c5d4405ca966c60bfdfff4b prerequisite-patch-id: 4370270b5f1db400fe91d922da17390ef76d7962 prerequisite-patch-id: 1bf3ab2da9cb51156f6b28aac26b1c9e46f58f3c prerequisite-patch-id: e082433b46efa579b4026c24466af3bb375c66a9 prerequisite-patch-id: 37587dd99ea94d6fd06e5a85600364a9b9e30257 prerequisite-patch-id: 48b2c23df7636eb66789649d5465c5aba5551c6d prerequisite-patch-id: ee83168a69856ce6aacac6399af1e0f6b6126001 prerequisite-patch-id: 313f790e410773ccec61a27665d372b1f45b7236 prerequisite-patch-id: e82c8b9f3dd1b945f7cb937cf34f308b74759ca8 prerequisite-patch-id: ebd98ed22463fdb02fcfc5108a39bda89020cddd prerequisite-patch-id: aa023f744b32055ca87a6131b0791d7524f03749 prerequisite-patch-id: 780a9840ba83b219743a5d4847dcec3e6bd4eb4c prerequisite-patch-id: d337437b304428933fd187c3d38669f1ab6810f5 prerequisite-patch-id: 088d2163c05a955c2dc69c32cfd07a2c9bbb38fe prerequisite-patch-id: f49f51dfc2e47144c8c9b27534f4d041d4c0abce -- 2.39.1
guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.Received: (at submit) by debbugs.gnu.org; 12 Feb 2023 20:45:18 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 12 15:45:18 2023 Received: from localhost ([127.0.0.1]:46957 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pRJDq-0004VL-Ak for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:45:18 -0500 Received: from lists.gnu.org ([209.51.188.17]:54442) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1pRJDo-0004VD-J1 for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:45:16 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJDn-0002WH-Vy for guix-patches@HIDDEN; Sun, 12 Feb 2023 15:45:16 -0500 Received: from tobias.gr ([2a02:c205:2020:6054::1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJDk-0000tl-TH for guix-patches@HIDDEN; Sun, 12 Feb 2023 15:45:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=48mqN4ozzI93N As3Xg8tnAUTIE+Gv+HIjmMu4HdIqG8=; h=date:subject:to:from; d=tobias.gr; b=ics9WN2xNmUAeM1QmgZA0UdxFCbGY5xRjMsSiKiOItDVR7VSHUPkTVlMdFMMn+7tOj5V l2F+Bj6lyheQnWMVVCsShldzzAQCxD9JTd86+iPquWAaDbEdz2NfjjsPfNgHwV7/4p2K43 mMyzKTTTt6U43NrtdWuKqFbJs3ON8xhXUir+SSKbY9kI7z0eRHHZMEyS6w85eizcyPzfGm n/3fwRXfyhDEWmtrABwSAj1WQorLQEY/37ABn0h58RjwjpHOGM01ChJi4J+MB59ARBRJSi o87HkdhQgN6VkDcHv4cTeVrEwbnvOJAPOF5boT6er2x/Zaw1fkJX6g0FDogRIGmw== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 552c9a40 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <guix-patches@HIDDEN>; Sun, 12 Feb 2023 20:45:06 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> To: guix-patches@HIDDEN Subject: Add support for file capabilities(7) Date: Sun, 12 Feb 2023 21:37:54 +0100 BIMI-Selector: v=BIMI1; s=default; Message-ID: <87r0uuehlr.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@HIDDEN; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.6 (--) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi Guix, I need to offload some of my eternally rebased local patches.=20 Here's one that makes it easy to assign capabilities(7) =E2=80=94=20 currently through setcap(8) =E2=80=94 to programmes like we can=20 set{u,g}id. There are many packages that benefit from this. Mine are: (privileged-programs (cons* (privileged-program (file-append mtr "/sbin/mtr") (capabilities "cap_net_raw+ep")) (privileged-program (file-append nethogs "/sbin/nethogs") (capabilities "cap_net_admin,cap_new_raw+ep")) (privileged-program (file-append light "/bin/light") (setuid? #t)) %default-privileged-programs)) The set's over a year old and needs a bit of love. Some details=20 might have bitrot, I probably forgot a to-do or two in that year,=20 and there's something unguixy about calling setcap(8) instead of=20 writing a completely new Guile binding/module :-) I'm quite opinionated about the setuid-programs unification: there=20 should not be multiple confusing and masking layers of privilege,=20 and it should be possible to setgid a capable executable. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY+lQYA0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15h3kBAOtjELUR1tSfAWbx7f7qjNB0pyTrg2RiycYVSiWu cBUuAQC0JQh8dHFZx3vQLwN8HH5iZt2nmiHI49u7qlNWdWiECQ== =RXHi -----END PGP SIGNATURE----- --=-=-=--
Tobias Geerinckx-Rice <me@HIDDEN>
:guix-patches@HIDDEN
.
Full text available.guix-patches@HIDDEN
:bug#61462
; Package guix-patches
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.