GNU bug report logs - #62725
Undefined activation ordering between ‘setuid-program-service-type’ and ‘account-service-type’


Package: guix; Reported by: Brian Cully <bjc@HIDDEN>; dated Sat, 8 Apr 2023 15:05:02 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added blocking bug(s) 62726 Request was from Leo Famulari <leo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Brian Cully <bjc@HIDDEN>
To: bug-guix@HIDDEN
Subject: Undefined activation ordering between ‘setuid-program-service-type’ and ‘account-service-type’
Date: Sat, 08 Apr 2023 10:53:07 -0400


There is currently no way to ensure that an account exists before
creating /run/setuid-programs, which means a setuid-program which
uses a custom user or group will fail to be created if setuid
activation happens before account activation.

As an example, here's a system config where I'm trying to install
‘/run/setuid-programs/dumpcap’ as setuid root with a primary group
of ‘wireshark’, also created by this config:

--8<---------------cut here---------------start------------->8---
(use-modules (gnu)
             (gnu system setuid))
(use-package-modules networking)
(use-service-modules setuid)

;; TODO: make name configurable
(define %wireshark-groups
  (list (user-group
         (name "wireshark")
         (system? #t))))

(define %wireshark-setuid-programs
  (list (setuid-program
         (program (file-append wireshark "/bin/dumpcap"))
         (group "wireshark")
         #;(mask #o550))))

(define wireshark-service-type
  (service-type
   (name 'wireshark)
   (description "Allow use of wireshark by regular users in the
   @code{wireshark} group.")
   (extensions
    (list (service-extension account-service-type
                             (const %wireshark-groups))
          (service-extension setuid-program-service-type
                             (const %wireshark-setuid-programs))))
   (default-value #f)))

(operating-system
  (locale "en_US.utf8")
  (timezone "America/New_York")
  (keyboard-layout (keyboard-layout "us"))
  (host-name "wireshark-test")

  (users (cons* (user-account
                 (name "test")
                 (group "users")
                 (password (crypt "test" "$6$test"))
                 (supplementary-groups
                  '("wireshark")))
                %base-user-accounts))
  (packages
   (cons*
    (specification->package "wireshark")
    %base-packages))

  (services
   (cons*
    (service wireshark-service-type)
    %base-services))

  (bootloader
   (bootloader-configuration
    (bootloader grub-efi-bootloader)
    (targets '("/boot/efi"))
    (keyboard-layout keyboard-layout)))

  (file-systems
   (cons* (file-system
            (mount-point "/")
            (device
             (uuid "14f4e958-be9e-41bb-bd25-e90a7330093c"
                   'btrfs))
            (type "btrfs"))
          (file-system
            (mount-point "/boot/efi")
            (device (uuid "6866-56B1" 'fat32))
            (type "vfat"))
          %base-file-systems)))
--8<---------------cut here---------------end--------------->8---

When trying to boot this system in a VM, I'm told that the dumpcap
binary couldn't be created because the file wasn't found. The
returned error is improperly attributed: the source file does
exist, and the error code is actually coming from getgrent(3)
which cannot find the ‘wireshark’ group.

Tracing through the activation scripts shows this to be because,
in this case, setuid-program activation happens before
account-activation.

Thanks to jpoiret for doing a lot of the investigative work here,
which I'm merely verifying through testing.

I believe the correct solution here is to move ‘setuid-program’
activation to a one-shot Shepherd service, because Shepherd allows
explicit ordering, as well as other advantages. To that end, I
have a patch which does precisely that, which I will send to the
patches list shortly.

-bjc
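
The ordering dependency and the misattributed error described in the report above, as an added example that is not part of the original message or of Guix's code. The `SetuidSpec` record, the `preflight` function and the group entries (names and gids) are constructed for illustration; the check reports a missing group as a missing group rather than as a missing file.

```python
"""Pre-flight check of setuid-program specs against a group database."""
from dataclasses import dataclass
import os
import tempfile

# Constructed /etc/group-format samples: the state before and after
# account activation has created the 'wireshark' group.
GROUP_BEFORE = "root:x:0:\nusers:x:998:\n"
GROUP_AFTER = GROUP_BEFORE + "wireshark:x:985:test\n"

@dataclass
class SetuidSpec:
    """Hypothetical record with the two fields this check needs."""
    program: str
    group: str = "root"

def parse_groups(text):
    """Return {name: gid} from /etc/group-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip blank or malformed entries instead of guessing
        groups[fields[0]] = int(fields[2])
    return groups

def preflight(specs, group_text):
    """Return [(program, reason)] for specs that cannot be installed.

    Each reason names the step that failed, so an unresolved group is
    never reported as a missing source file.
    """
    groups = parse_groups(group_text)
    problems = []
    for spec in specs:
        if not os.path.isfile(spec.program):
            problems.append((spec.program, "source file not found"))
        elif spec.group not in groups:
            problems.append((spec.program, f"group '{spec.group}' not found"))
    return problems

def demo():
    """Check one spec before and after the group exists."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "dumpcap")  # stand-in for the real binary
        open(src, "w").close()
        specs = [SetuidSpec(src, "wireshark")]
        return preflight(specs, GROUP_BEFORE), preflight(specs, GROUP_AFTER)

if __name__ == "__main__":
    print(demo())
```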




Acknowledgement sent to Brian Cully <bjc@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#62725; Package guix. Full text available.
Last modified: Sat, 8 Apr 2023 17:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.