From: Christopher Lemmer Webber <cwebber@dustycloud.org>
Cc: guix-devel@gnu.org, Maxim Cournoyer <maxim.cournoyer@gmail.com>
Subject: Re: Setuid programs
Date: Mon, 16 Nov 2020 12:44:51 -0500 [thread overview]
Message-ID: <874klpgprg.fsf@dustycloud.org> (raw)
In-Reply-To: <87lff3heun.fsf@dustycloud.org>
[-- Attachment #1: Type: text/plain, Size: 1621 bytes --]
Christopher Lemmer Webber writes:
> Ludovic Courtès writes:
>
>> Hi,
>>
>> Gábor Boskovits <boskovits@gmail.com> skribis:
>>
>>> I have two reasons for that: backwards compatibility is really
>>> important, so we should not break it, and I believe this would not be
>>> hard to do.
>>> On the other hand it would be nice to have a more integrated backend,
>>> and move as many things into the services infrastructure as practical,
>>> and I think this is a good candidate for that. Wdyt?
>>
>> There’s already ‘setuid-program-service-type’. I think the way forward
>> would be to:
>>
>> 1. Define the <setuid-program> record type you propose.
>>
>> 2. Have ‘setuid-program-service-type’ accept that through its
>> extensions. When it receives something else, it should
>> transparently turn it into a <setuid-program> record, for backward
>> compatibility, and emit a deprecation warning.
>>
>> 3. Document the OS ‘setuid-programs’ field as taking a list of such
>> records.
>>
>> How does that sound?
>>
>> Thanks,
>> Ludo’.
>
> This sounds like a good plan. I'm taking a stab at it, but there's a
> good chance I'll get it wrong, so review will be seriously needed.
> Let's find out how I do!
I've attached a patch that includes my plan for the setuid stuff. I
could submit this to guix-patches I suppose if that would be better.
But I wonder if I should actually just rebase the wip-postfix on top of
master, apply this, and then start working on setting up postfix to make
use of it.
What do you think of this approach?
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-services-setuid-More-specific-setuid-support.patch --]
[-- Type: text/x-patch, Size: 7200 bytes --]
From cab9f7c017fb2ea0c8dc80084c3c269fa8e85378 Mon Sep 17 00:00:00 2001
From: Christopher Lemmer Webber <cwebber@dustycloud.org>
Date: Sun, 15 Nov 2020 16:58:52 -0500
Subject: [PATCH] services: setuid: More specific setuid support.
New record <setuid-program> with fields for setting the specific user and
group, as well as specifically selecting the setuid and setgid bits, for a
program within the setuid-program-service.
* gnu/services.scm (<setuid-program>): New record type.
(setuid-program, make-setuid-program, setuid-program?)
(setuid-program-program, stuid-program-setuid?, setuid-program-setgid?)
(setuid-program-user, setuid-program-group): New variables, export them.
(setuid-program-entry): New variable, a procedure used for the
service-extension of activation-service-type as set up by
setuid-program-service-type. Unpacks the <setuid-program> record,
handing off within the gexp to activate-setuid-programs.
(setuid-program-service-type): Make use of setuid-program-entry.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
ftagged list for each program entry, pre-unpacked from the <setuid-program>
record before being handed to this procedure.
---
gnu/build/activation.scm | 40 ++++++++++++++++----------------
gnu/services.scm | 49 +++++++++++++++++++++++++++++++++++++---
2 files changed, 67 insertions(+), 22 deletions(-)
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 4b67926e88..a2bdfd5aa5 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -229,13 +229,6 @@ they already exist."
(define (activate-setuid-programs programs)
"Turn PROGRAMS, a list of file names, into setuid programs stored under
%SETUID-DIRECTORY."
- (define (make-setuid-program prog)
- (let ((target (string-append %setuid-directory
- "/" (basename prog))))
- (copy-file prog target)
- (chown target 0 0)
- (chmod target #o6555)))
-
(format #t "setting up setuid programs in '~a'...~%"
%setuid-directory)
(if (file-exists? %setuid-directory)
@@ -247,18 +240,27 @@ they already exist."
string<?))
(mkdir-p %setuid-directory))
- (for-each (lambda (program)
- (catch 'system-error
- (lambda ()
- (make-setuid-program program))
- (lambda args
- ;; If we fail to create a setuid program, better keep going
- ;; so that we don't leave %SETUID-DIRECTORY empty or
- ;; half-populated. This can happen if PROGRAMS contains
- ;; incorrect file names: <https://bugs.gnu.org/38800>.
- (format (current-error-port)
- "warning: failed to make '~a' setuid-root: ~a~%"
- program (strerror (system-error-errno args))))))
+ (for-each (match-lambda
+ [('setuid-program src-path setuid? setgid? uid gid)
+ (catch 'system-error
+ (lambda ()
+ (let ((target (string-append %setuid-directory
+ "/" (basename src-path)))
+ (mode (+ #o0555 ; base permissions
+ (if setuid? #o4000 0) ; setuid bit
+ (if setgid? #o2000 0)))) ; setgid bit
+ (copy-file src-path target)
+ (chown target uid gid)
+ (chmod target mode)))
+ (lambda args
+ ;; If we fail to create a setuid program, better keep going
+ ;; so that we don't leave %SETUID-DIRECTORY empty or
+ ;; half-populated. This can happen if PROGRAMS contains
+ ;; incorrect file names: <https://bugs.gnu.org/38800>.
+ (format (current-error-port)
+ "warning: failed to make '~a' setuid-root: ~a~%"
+ (setuid-program-program program)
+ (strerror (system-error-errno args)))))])
programs))
(define (activate-special-files special-files)
diff --git a/gnu/services.scm b/gnu/services.scm
index 4b30399adc..7e03808489 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -87,6 +87,14 @@
ambiguous-target-service-error-service
ambiguous-target-service-error-target-type
+ setuid-program
+ setuid-program?
+ setuid-program-program
+ setuid-program-setuid?
+ setuid-program-setgid?
+ setuid-program-user
+ setuid-program-group
+
system-service-type
provenance-service-type
sexp->system-provenance
@@ -773,13 +781,48 @@ directory."
FILES must be a list of name/file-like object pairs."
(service etc-service-type files))
+(define-record-type* <setuid-program> setuid-program make-setuid-program
+ setuid-program?
+ ;; Path to program to link with setuid permissions
+ (program setuid-program-program) ;string
+ ;; Whether to set user setuid bit
+ (setuid? setuid-program-setuid? ;boolean
+ (default #t))
+ ;; Whether to set user setgid bit
+ (setgid? setuid-program-setgid? ;boolean
+ (default #t))
+ ;; The user this should be set to (defaults to root)
+ (user setuid-program-user ;integer
+ (default 0))
+ ;; Group we want to set this to (defaults to root)
+ (group setuid-program-group ;integer
+ (default 0)))
+
+(define (setuid-program-entry programs)
+ #~(activate-setuid-programs
+ ;; convert into a tagged list structure as expected by
+ ;; activate-setuid-programs
+ (list #$@(map (match-lambda
+ [(? setuid-program? sp)
+ #~(list 'setuid-program
+ #$(setuid-program-program sp)
+ #$(setuid-program-setuid? sp)
+ #$(setuid-program-setgid? sp)
+ #$(setuid-program-user sp)
+ #$(setuid-program-group sp))]
+ ;; legacy, non-<setuid-program> structure
+ [program
+ ;; TODO: Spit out a warning here?
+ #~(list 'setuid-program
+ #$program
+ #t #t 0 0)])
+ programs))))
+
(define setuid-program-service-type
(service-type (name 'setuid-program)
(extensions
(list (service-extension activation-service-type
- (lambda (programs)
- #~(activate-setuid-programs
- (list #$@programs))))))
+ setuid-program-entry)))
(compose concatenate)
(extend append)
(description
--
2.29.1
next prev parent reply other threads:[~2020-11-16 17:46 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-27 6:34 Setuid programs Gábor Boskovits
2020-08-28 4:43 ` Maxim Cournoyer
2020-09-09 19:00 ` Christopher Lemmer Webber
2020-09-09 21:31 ` Gábor Boskovits
2020-09-09 22:19 ` Christopher Lemmer Webber
2020-09-09 22:52 ` Christopher Lemmer Webber
2020-09-10 7:27 ` Gábor Boskovits
2020-09-10 15:01 ` Christopher Lemmer Webber
2020-09-16 13:25 ` Ludovic Courtès
2020-09-17 0:27 ` Gábor Boskovits
2020-11-07 17:15 ` Christopher Lemmer Webber
2020-11-14 20:18 ` Christopher Lemmer Webber
2020-11-16 17:44 ` Christopher Lemmer Webber [this message]
2020-11-16 23:39 ` Christopher Lemmer Webber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874klpgprg.fsf@dustycloud.org \
--to=cwebber@dustycloud.org \
--cc=guix-devel@gnu.org \
--cc=maxim.cournoyer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).