From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id aEZYDT8xRF+LIAAA0tVLHw (envelope-from ) for ; Mon, 24 Aug 2020 21:29:35 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id EG87CT8xRF9rdgAA1q6Kng (envelope-from ) for ; Mon, 24 Aug 2020 21:29:35 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EB20D94036A for ; Mon, 24 Aug 2020 21:29:34 +0000 (UTC) Received: from localhost ([::1]:52796 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kAK21-0006ew-TJ for larch@yhetil.org; Mon, 24 Aug 2020 17:29:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:42860) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kAK1s-0006el-VF for guix-devel@gnu.org; Mon, 24 Aug 2020 17:29:25 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53776) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kAK1s-00056n-3l; Mon, 24 Aug 2020 17:29:24 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=52456 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kAK1r-0004Dd-1p; Mon, 24 Aug 2020 17:29:23 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: pkill9 Subject: Re: Verify validity of sudoers file when reconfiguring system. References: <20200802131115.720bdf36@runbox.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 8 Fructidor an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 24 Aug 2020 23:29:21 +0200 In-Reply-To: <20200802131115.720bdf36@runbox.com> (pkill9@runbox.com's message of "Sun, 2 Aug 2020 13:11:15 +0100") Message-ID: <87imd7zqa6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "guix-devel@gnu.org" Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -1.01 X-TUID: qD1K023PimFN Hi pkill9, pkill9 skribis: > Last time I tested, the sudoers file could be changed to anything in > the guix system configuration, whether it's valid or not. This could > result in someone being locked out of their system when root doesn't > have a password, and they rely on sudo. Ideally, `guix system > reconfigure` would fail if the specified sudoers file is invalid. > > I ran `visudo --help` and there are two flags that could be used for > this: --check, which simply parses the sudoers file and checks that > it's valid, and --file, which specifies which file to check. Thanks a lot for the suggestion! Commit 384377632c41c5c42e32889f4a239223aaae1ca9 implements exactly that. Apparently =E2=80=98visudo --check=E2=80=99 doesn=E2=80=99t check whether t= he user/groups mentioned exist though, so this kind of error could still occur. The better fix would be to define record types or similar for the sudoers list so we can better sanitize it. Ludo=E2=80=99.