From: Gábor Boskovits
Date: Wed, 9 Sep 2020 23:31:43 +0200
Subject: Re: Setuid programs
To: Christopher Lemmer Webber
Cc: Guix-devel, Maxim Cournoyer

Hello,

Christopher Lemmer Webber wrote (on Wed, 9 Sep 2020, 21:00):
>
> Maxim Cournoyer writes:
>
> > Hello Gabor!
> >
> > Gábor Boskovits writes:
> >
> >> Hello guix,
> >>
> >> I would like to propose an extension to how setuid programs are
> >> currently handled. The last time I checked it could only do setuid and
> >> setgid root. Some services, such as postfix, need a more fine-grained
> >> setuid setup. I would propose a record type, such as:
> >> (setuid
> >>   (program setuid-program)
> >>   (setuid setuid-setuid)
> >>   (setgid setuid-setgid)
> >>   (user setuid-user)
> >>   (group setuid-group))
> >>
> >> So that there is more fine-grained control.
> >>
> >> I would also propose to move this to the services framework, so that
> >> services could extend this field on demand.
> >>
> >> Wdyt?
> >
> > This sounds great! I also encountered such a limitation and tried
> > fixing it in https://issues.guix.info/41763, with some success (and an
> > unresolved limitation pointed out by Christopher) but I agree that using a
> > record makes more sense and is more future-proof.
> >
> > Maxim
>
> I'm eager to use Postfix on Guix (maybe it's me, but I just can't make
> sense of the weird DSL that opensmtpd uses) so I guess if that's what's
> necessary it already makes it a good idea.
>
> However I don't fully understand the syntax of what you proposed. Let's
> see if I can guess with a fake entry
>
>   #~(setuid
>       ;; The program to run, from the shady package
>       (program (string-append #$shady "/bin/scaryfoo"))
>       ;; Would this be a boolean? If so should it be `setuid?`

yes, this should be a bool, setuid? looks good to me.

>       (setuid setuid-setuid)
>       ;; Likewise?
>       (setgid setuid-setgid)

yes, the same thing applies here.

>       ;; Presumably the user we want to set this to
>       (user setuid-user)

yes, this should just be the uid of the owner

>       ;; Presumably the group we want to set this to

this should be the gid.

>       (group setuid-group))
>
> ... right?
>
> I guess this could be done in a backwards compatible way;
> %setuid-programs could either evaluate to strings or records, so the
> "simpler" version can remain an option?

Yes, it can be done this way. Actually I had a bit more general
solution in mind, I feel there should be a service to install a file from
a store to a given place, and with all the access control available,
like ACLs, if supported. And then provide the whole setuid thing as a
backwards compatibility layer, somehow like you described.

For now I guess creating this record type and implementing the extended
setuid functionality would be a good first step.

>
> - Chris

Best regards,
g_bor

-- 
OpenPGP Key Fingerprint: 7988:3B9F:7D6A:4DBF:3719:0367:2506:A96C:CF63:0B21
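
A minimal Guile sketch of the record discussed in this thread, with the string-or-record backwards compatibility Chris suggests. It is added here as an illustration and is not code from Guix or from any participant. The record name, its accessors, `normalize-entry`, `validate-entry` and `entry-mode` are hypothetical, the sample paths and gid are constructed, and reading a bare string as "setuid and setgid root" is an assumption based on the description of the status quo above.

```scheme
;; Added illustration; every name here is hypothetical, not Guix's API.
(use-modules (srfi srfi-9))

(define-record-type <setuid-program>
  (make-setuid-program program setuid? setgid? user group)
  setuid-program?
  (program setuid-program-program)  ; absolute file name of the binary
  (setuid? setuid-program-setuid?)  ; boolean: set the setuid bit
  (setgid? setuid-program-setgid?)  ; boolean: set the setgid bit
  (user    setuid-program-user)     ; numeric uid of the owner
  (group   setuid-program-group))   ; numeric gid of the owning group

;; Backwards compatibility: a bare string is read as "setuid and setgid
;; root" (assumption taken from the thread's description of the status quo).
(define (normalize-entry entry)
  (cond ((setuid-program? entry) entry)
        ((string? entry) (make-setuid-program entry #t #t 0 0))
        (else (error "invalid setuid-programs entry:" entry))))

;; Reject malformed entries before anything is chowned or chmodded.
(define (validate-entry e)
  (define (id? x) (and (exact-integer? x) (>= x 0)))
  (define p (setuid-program-program e))
  (cond ((not (and (string? p) (string-prefix? "/" p)))
         (error "program must be an absolute file name:" e))
        ((not (and (boolean? (setuid-program-setuid? e))
                   (boolean? (setuid-program-setgid? e))))
         (error "setuid? and setgid? must be booleans:" e))
        ((not (and (id? (setuid-program-user e)) (id? (setuid-program-group e))))
         (error "user and group must be numeric ids:" e))
        ((not (or (setuid-program-setuid? e) (setuid-program-setgid? e)))
         (error "entry sets neither special bit:" e))
        (else e)))

;; Permission bits for the installed copy: r-x for everyone plus
;; whichever special bits the entry asks for.
(define (entry-mode e)
  (logior #o555
          (if (setuid-program-setuid? e) #o4000 0)
          (if (setuid-program-setgid? e) #o2000 0)))

;; Constructed sample: one legacy string, one setgid-only record.
(define sample
  (list "/path/to/legacy/bin/tool"
        (make-setuid-program "/path/to/postfix/sbin/postdrop" #f #t 0 990)))

(for-each
 (lambda (e)
   (format #t "~a mode=~a owner=~a:~a~%"
           (setuid-program-program e) (number->string (entry-mode e) 8)
           (setuid-program-user e) (setuid-program-group e)))
 (map (lambda (x) (validate-entry (normalize-entry x))) sample))
```

Validating every entry before activation keeps a typo in a service definition from silently producing a root-owned binary with both special bits set.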