unofficial mirror of bug-guix@gnu.org 
From: Leo Prikler <leo.prikler@student.tugraz.at>
To: jbranso@dismail.de, 48974@debbugs.gnu.org
Subject: bug#48974: A possible shepherd bug (it's very minor)
Date: Sat, 12 Jun 2021 23:13:18 +0200
Message-ID: <13bff20e418f1cec97cdda49ffed51544c5c9402.camel@student.tugraz.at>
In-Reply-To: <3192d62ef790c16fb2dfb894d9ccb160@dismail.de>

Hi,

On Saturday, 12.06.2021, at 20:09 +0000, jbranso@dismail.de wrote:
> June 12, 2021 3:39 PM, "Leo Prikler" <leo.prikler@student.tugraz.at>
> wrote:
> 
> > On Saturday, 12.06.2021, at 09:26 -0400, Joshua Branson wrote:
> > 
> > > Hello!
> > > 
> > > I've had this issue ever since I enabled automatic login on my
> > > guix system like so:
> > > 
> > > #+BEGIN_SRC scheme
> > > (define %my-desktop-services
> > >   (modify-services
> > >       %desktop-services
> > >     (mingetty-service-type config =>
> > >       (mingetty-configuration
> > >         (inherit config)
> > >         ;; auto login as joshua
> > >         (auto-login "joshua")))))
> > > 
> > > (operating-system
> > >   ...
> > >   (services (list %my-desktop-services)))
> > > #+END_SRC
> > 
> > I am sorry to say this, but rather than this being (just) a bug with
> 
> Thank you for speaking so gently! :)
> 
> > shepherd, your config looks seriously borked. Why are you asking
> > Guix to autologin you on *every available console*?
> 
> HAHAHA! That's what I'm doing! I forgot that! Honestly, I did that,
> because I couldn't figure out how to code "just auto log into
> console 1 ONLY". :)
> 
> Would you mind explaining how bad of a decision this is? Is this a
> BAD security practice?
It is seriously bad practice.  With just one TTY, you can usually
suspend it with programs such as vlock, plus it's expected that you
actually sit in front of the given TTY when the autologin happens. 
With all TTYs though, anyone could switch to the other and "lol, now
I'm jbranso".  The only configuration that could possibly be worse is
autologin root :P

(Granted, it probably still takes physical access to exploit, but it's
something your family/friends could likely do just to troll you.)

> I'll tell you what, why don't we leave this "bug" open for a
> week...I'll try to write the code that does what I want, and I'll
> email the answer.
> 
> Then I'll edit the manual to provide an example!
I'm pretty sure that the actual bug also exists, just not sure whether
that's on your config or on shepherd.  Using TTY1 for graphical stuff
is also somewhat rare in Guix land, I presume.  (Or rather, I can't
think of it as anything but a container for debug output spam :D)

As for getting this to work only on TTY1, you do get the config object,
so you can do stuff like 
  (if (is-tty1? config) (inherit+autologin config) config)  
Note of course, that is-tty1? is not a procedure that's ready-made, but
one that you'd need to build from primitives such as record accessors.

Regards,
Leo
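
Added example, not part of the original message and not code from the Guix project: one way to build the "only on TTY1" check described above from a record accessor, so that every other console keeps prompting for credentials. It assumes the `mingetty-configuration-tty` accessor is available from `(gnu services base)` in your Guix revision and that the first console is named "tty1"; `auto-login-to-tty` is a hypothetical helper name.

```scheme
;; Added example: restrict mingetty auto-login to a single console.
(use-modules (gnu)
             (gnu services base)
             (gnu services desktop))

;; Hypothetical helper generalising the "is-tty1?" idea: return CONFIG
;; with auto-login enabled for USER only when CONFIG describes the
;; console named TTY.  Any other mingetty configuration is returned
;; unchanged, so those consoles still require a normal login.
;; Assumption: mingetty-configuration-tty is the accessor for the
;; `tty' field of the mingetty-configuration record.
(define (auto-login-to-tty config tty user)
  (if (string=? tty (mingetty-configuration-tty config))
      (mingetty-configuration
       (inherit config)
       (auto-login user))
      config))

;; modify-services applies the clause to every mingetty service in
;; %desktop-services; the helper decides per console.
(define %my-desktop-services
  (modify-services %desktop-services
    (mingetty-service-type config =>
      (auto-login-to-tty config "tty1" "joshua"))))

;; %my-desktop-services is already a list of services, so the
;; operating-system declaration takes it directly:
;;   (services %my-desktop-services)
```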




