From: Alexey Abramov via Guix-patches
To: Ludovic Courtès
Cc: 55034@debbugs.gnu.org
Subject: [bug#55034] [PATCH 0/1] Let openssh trust /gnu/store
Date: Fri, 22 Apr 2022 09:02:49 +0200
Message-ID: <87tualiorq.fsf@delta.lan>
In-Reply-To: <8735i8oyxn.fsf_-_@gnu.org>

Ludovic Courtès writes:

> Alexey Abramov skribis:
>
>> + safe_path(const char *name, struct stat *stp, const char *pw_dir, >> + uid_t uid, char *err, size_t errlen) >> + { >> ++ static const char gnu_store[] =3D "/gnu/store"; >> + char buf[PATH_MAX], homedir[PATH_MAX]; >> + char *cp; >> + int comparehome =3D 0; >> +@@ -2178,6 +2179,10 @@ safe_path(const char *name, struct stat *stp, co= nst char *pw_dir, >> + } >> + strlcpy(buf, cp, sizeof(buf)); >> +=20 >> ++ /* If are past the Guix /gnu/store then we can stop */ >> ++ if (strcmp(gnu_store, buf) =3D=3D 0) >> ++ break;
>
> We should not hard-code “/gnu/store” because it can be something else.
>
> I think you can do like what ‘gcc-dl-cache.patch’ does: replace the
> literal "/gnu/store" by @STORE_DIRECTORY@, and substitute it in a phase.

This is great! That is what I was looking for.

> Also note that the strcmp above is incorrect: it would accept
> /gnu/storesomethinglese. You probably need to add a trailing slash to
> be sure.

Let me correct myself. In the previous email I wrote that the safe_path
goes from top to bottom, but actually it is walking upwards.
This is an actual loop

--8<---------------cut here---------------start------------->8---
	/* for each component of the canonical path, walking upwards */
	for (;;) {
		if ((cp = dirname(buf)) == NULL) {
			snprintf(err, errlen, "dirname() failed");
			return -1;
		}
		strlcpy(buf, cp, sizeof(buf));

		/* If are past the Guix /gnu/store then we can stop */
		if (strcmp(gnu_store, buf) == 0)
			break;

		if (stat(buf, &st) == -1 ||
		    (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
		    (st.st_mode & 022) != 0) {
			snprintf(err, errlen,
			    "bad ownership or modes for directory %s", buf);
			return -1;
		}

		/* If are past the homedir then we can stop */
		if (comparehome && strcmp(homedir, buf) == 0)
			break;

		/*
		 * dirname should always complete with a "/" path,
		 * but we can be paranoid and check for "." too
		 */
		if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0))
			break;
	}
	return 0;
--8<---------------cut here---------------end--------------->8---

As you can see, the buffer is holding the result of dirname already, hence I
used "/gnu/store".

-- 
Alexey
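
Review bot: in the second hunk the `strcmp(gnu_store, buf) == 0` / `break` pair is added right after `strlcpy(buf, cp, sizeof(buf))`, which is ahead of the `stat()` ownership and mode test in the loop quoted in this message, so the walk ends without checking the store directory itself or anything above it, whereas the existing homedir test only breaks after that check has passed. If skipping the check for the store and its parents is intended, say so in the comment and the commit message; otherwise move the new test below the `stat()` block, next to the homedir one. The new comment also wants "If we are past", and the `gnu_store[]` literal in the first hunk fixes the store location when the patch is written.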