unofficial mirror of help-guix@gnu.org 
From: Efraim Flashner <efraim@flashner.co.il>
To: Leo Famulari <leo@famulari.name>
Cc: help-guix@gnu.org
Subject: Re: mount.davfs: program is not setuid root
Date: Tue, 20 Apr 2021 10:20:44 +0300
Message-ID: <YH6AzLquN/hvi6na@3900XT>
In-Reply-To: <YH4kjEP9M1XXWeNy@jasmine.lan>


[-- Attachment #1.1: Type: text/plain, Size: 2259 bytes --]

On Mon, Apr 19, 2021 at 08:47:08PM -0400, Leo Famulari wrote:
> On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
> > I just tried again, and called mount as:
> > --8<---------------cut here---------------start------------->8---
> > /run/setuid-programs/mount -t <URL> ~/test/
> > --8<---------------cut here---------------end--------------->8---
> > where URL is my remote URL share trying to mount it to local test dir,
> > where it fails with:
> > --8<---------------cut here---------------start------------->8---
> > /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> > --8<---------------cut here---------------end--------------->8---
> 
> So, '/run/setuid-programs/mount' is somehow resolving to
> '/run/current-system/profile/sbin/mount.davfs'?
> 
> The executables in /run/setuid-programs are not supposed to be links.
> 

From the ./configure script in davfs2:

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
              you have headers in a nonstandard directory <include dir>
  CPP         C preprocessor
  dav_user    if invoked by root, mount.davfs runs as this user [davfs2]
  dav_group   the group, the mount.davfs daemon belongs to [davfs2]
  ssbindir    where mount will search for mount-helpers [/sbin]
  dav_localstatedir
              directory to store pid-files in [/var/run]
  dav_syscachedir
              cache directory [/var/cache]
  LINGUAS     select languages for messages and documentation

I've attached a diff against guix and also a davfs.scm for building just
the modified davfs2. Can you try building it with `guix build -f
davfs.scm` and then use the mount.davfs from there to try mounting your
davfs mountpoint?

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #1.2: davfs-adjust-setuid-directory.diff --]
[-- Type: text/plain, Size: 1328 bytes --]

diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index d970fe7198..13da2a54b4 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -212,7 +212,7 @@ another location, similar to @command{mount --bind}.  It can be used for:
        (list "--sysconfdir=/etc"        ; so man pages & binaries contain /etc
              (string-append "--docdir=" (assoc-ref %outputs "out")
                             "/share/doc/" ,name "-" ,version)
-             (string-append "ssbindir=" (assoc-ref %outputs "out") "/sbin")
+             "ssbindir=/run/setuid-programs"
              ;; The default ‘davfs2’ user and group don't exist on most systems.
              "dav_user=nobody"
              "dav_group=nogroup")
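Review bot: the new "ssbindir=/run/setuid-programs" line carries no comment, unlike the flags on either side of it, and it replaces a path computed from %outputs with a fixed absolute path outside the package. Per the configure help quoted above, ssbindir is where mount will search for mount-helpers, so the helper is only found if the system configuration actually places a setuid mount.davfs in that directory, which the package itself cannot guarantee. Please add a comment stating that dependency, and document that users have to list mount.davfs among their setuid programs for the lookup to succeed.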
@@ -226,6 +226,11 @@ another location, similar to @command{mount --bind}.  It can be used for:
                  _ prefix suffix)
                 (string-append prefix suffix)))
              #t))
+         (add-after 'unpack 'dont-install-to-/run/setuid-programs
+           (lambda _
+             (substitute* "src/Makefile.in"
+               (("ssbindir") "sbindir"))
+             #t))
          (add-after 'unpack 'patch-file-names
            (lambda _
              ;; Don't auto-load the FUSE kernel module.  That's up to root.
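Review bot: the pattern in (("ssbindir") "sbindir") is unanchored, so it rewrites every occurrence of that string in src/Makefile.in, including any line that defines the variable, not only the install destination. A pattern limited to the install rule would be safer against upstream changes to Makefile.in, and the phase needs a comment explaining the intent: the helper is still installed under the output's sbin while the configured search path stays /run/setuid-programs. As a style point, the phase name 'dont-install-to-/run/setuid-programs contains slashes, which reads oddly next to 'patch-file-names.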

[-- Attachment #1.3: davfs.scm --]
[-- Type: text/plain, Size: 974 bytes --]

(use-modules (guix packages)
             (guix utils)
             (gnu packages file-systems))

(package
  (inherit davfs2)
  (name (package-name davfs2))
  (version (package-version davfs2))
  (arguments
   (substitute-keyword-arguments (package-arguments davfs2)
     ((#:configure-flags cf)
      `(list "--sysconfdir=/etc"        ; so man pages & binaries contain /etc
             (string-append "--docdir=" (assoc-ref %outputs "out")
                            "/share/doc/" ,name "-" ,version)
             "ssbindir=/run/setuid-programs"
             ;; The default ‘davfs2’ user and group don't exist on most systems.
             "dav_user=nobody"
             "dav_group=nogroup"))
     ((#:phases phases)
      `(modify-phases ,phases
         (add-after 'unpack 'dont-install-to-/run/setuid-programs
           (lambda _
             (substitute* "src/Makefile.in"
               (("ssbindir") "sbindir"))
             #t)))))))

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
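
Added example (not part of the original message or of Guix): a POSIX shell check of the three properties this thread turns on, namely that the helper is a real file rather than a link, that it has the setuid bit, and that it is owned by root. The function name helper_state and the helper name mount.davfs under /run/setuid-programs are assumptions.

```shell
#!/bin/sh
# Added example: classify a mount helper path.
# Prints one of: symlink, missing, not-regular, no-setuid-bit,
# not-root-owned, ok.
helper_state() {
    p=$1
    # Test for a link first: -e follows links, so a dangling link
    # would otherwise be reported as "missing".
    if [ -L "$p" ]; then echo symlink; return; fi
    if [ ! -e "$p" ]; then echo missing; return; fi
    if [ ! -f "$p" ]; then echo not-regular; return; fi
    # -u is the POSIX test for the set-user-ID bit.
    if [ ! -u "$p" ]; then echo no-setuid-bit; return; fi
    # Numeric owner is the third field of "ls -ln".
    owner=$(ls -ldn -- "$p" | awk '{print $3}')
    if [ "$owner" != 0 ]; then echo not-root-owned; return; fi
    echo ok
}

# The second path is the one in the error message from the thread; the
# helper name under /run/setuid-programs is an assumption.
for p in /run/setuid-programs/mount.davfs \
         /run/current-system/profile/sbin/mount.davfs; do
    printf '%s: %s\n' "$p" "$(helper_state "$p")"
done
```

Only a path that reports "ok" can run with root privileges when invoked by an unprivileged user; any other result is consistent with the "program is not setuid root" error quoted above.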
