From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: bug#65832: [PATCH] guix: shell: Don't whitelist / by typo in `shell-authorized-directories'.
To: 65832@debbugs.gnu.org
From: Janneke Nieuwenhuizen
Organization: AvatarAcademy.nl
Date: Fri, 08 Sep 2023 22:49:11 +0200
Message-ID: <87tts4qtko.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Title says it all...

So, I've started using direnv with envrc.el, really great!  ...which
meant that on top of `guix shell' pestering me with its
shell-authorized-directories, I had to also type `direnv allow' all day.

Anyway, I found that direnv has a whitelist, prefix even; so I looked
into what guix shell might have and found that using

--8<---------------cut here---------------start------------->8---
echo '-allow-all-' > ~/.config/guix/shell-authorized-directories
--8<---------------cut here---------------end--------------->8---

acts like an undocumented whitelist prefix for /.

Find a fix attached.

Greetings,
Janneke

--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: inline; filename=0001-guix-shell-Don-t-whitelist-by-typo-in-shell-authoriz.patch
Content-Transfer-Encoding: quoted-printable

>From 5b7af1342f4f0d91df9de960877889d40b8c5d64 Mon Sep 17 00:00:00 2001
Message-ID: <5b7af1342f4f0d91df9de960877889d40b8c5d64.1694206063.git.janneke@gnu.org>
From: Janneke Nieuwenhuizen Date: Wed, 6 Sep 2023 10:52:17 +0200 Subject: [PATCH] guix: shell: Don't whitelist / by typo in `shell-authorized-directories'. Fixes * guix/scripts/shell.scm (authorized-shell-directory?): After warning, continue LOOP to return valid query result for DIRECTORY. --- guix/scripts/shell.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/guix/scripts/shell.scm b/guix/scripts/shell.scm index d67152cef7..83888eee1d 100644 --- a/guix/scripts/shell.scm +++ b/guix/scripts/shell.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2021-2023 Ludovic Court=C3=A8s +;;; Copyright =C2=A9 2023 Janneke Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. ;;; @@ -232,7 +233,8 @@ (define (authorized-shell-directory? directory) (port-line port) (port-column port)))) (warning loc (G_ "ignoring invalid file name: '~a'= ~%") - line)))))))))) + line) + (loop)))))))))) (const #f))) =20 (define (options-with-caching opts) base-commit: 4dd33fc62899134606f36f92594cf160b972f685 --=20 2.41.0 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Janneke Nieuwenhuizen | GNU LilyPond https://LilyPond.org Freelance IT https://www.JoyOfSource.com | Avatar=C2=AE https://AvatarAcade= my.com --=-=-=--
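
Review bot: the `(loop)` added after `(warning loc ... line)` in the second hunk of guix/scripts/shell.scm has no regression test, and the diffstat shows only that one file touched. Since the result of this branch decides whether a directory is authorized, please add a test that puts a line such as `-allow-all-` (neither a comment nor starting with `/`) into shell-authorized-directories and checks two things: a directory that is not listed is reported as not authorized, and a valid entry placed after the invalid line is still honoured. A short comment beside `(loop)` saying that the value of `warning` must never become the predicate's result would also help keep a later refactoring from reintroducing the fail-open behaviour.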