From mboxrd@z Thu Jan  1 00:00:00 1970
From: Efraim Flashner <efraim@flashner.co.il>
Subject: bug#40550: zsh: sudo is not setuid
Date: Sat, 11 Apr 2020 22:38:21 +0300
Message-ID: <20200411193821.GB2191@E5400>
References: <C1YAP1W11L61.2VVVOWHR0N902@121408>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="NKoe5XOeduwbEQHU"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:42743)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jNLy3-0002d6-I5
 for bug-guix@gnu.org; Sat, 11 Apr 2020 15:39:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jNLy2-00054U-8o
 for bug-guix@gnu.org; Sat, 11 Apr 2020 15:39:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:45568)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jNLy2-00054O-4t
 for bug-guix@gnu.org; Sat, 11 Apr 2020 15:39:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jNLy2-0003dL-2D
 for bug-guix@gnu.org; Sat, 11 Apr 2020 15:39:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.40550.B40550.158663394113960@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <C1YAP1W11L61.2VVVOWHR0N902@121408>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
To: Alexandru-Sergiu Marton <brown121407@member.fsf.org>
Cc: 40550@debbugs.gnu.org


--NKoe5XOeduwbEQHU
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Apr 11, 2020 at 01:10:17PM +0300, Alexandru-Sergiu Marton wrote:
> Hi,
>=20
> I changed my default shell to zsh with the following line added to
> my user-account record in my config.scm:
>=20
> (shell #~(string-append #$zsh "/bin/zsh"))
>=20
> After reconfiguring the system and rebooting, when I try to run sudo or
> su (I guess this problem appears for every thing in %setuid-programs), I
> get a message saying it isn't actually a setuid program.
>=20
> I'm writing this from a reconfigured system started at the same point as
> the zsh one started, but with bash. Here I don't have that problem --
> setuid programs work as expected.
>=20
> Steps to reproduce:
> - $ guix pull
> - Change the default shell to zsh in your config.scm, as presented
>   above.
> - $ sudo guix system reconfigure config.scm
> - Reboot.
> - Try to run sudo or su. It should give you an error.

Do you have sudo installed in a profile? /run/setuid-programs/sudo
should be the first 'sudo' in your PATH regardless of the shell. What's
the contents of your $PATH?

(ins)efraim@E5400 ~$ which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo
(ins)efraim@E5400 ~$ guix environment --ad-hoc zsh
substitute: updating substitutes from 'http://192.168.1.183:3000'... 100.0%
substitute: updating substitutes from 'http://192.168.1.217:3000'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://bayfront.guix.gnu.org'... 10=
0.0%
The following derivation will be built:
   /gnu/store/yfqfk66vl1s6av45a92ml5l60d2kaxyk-profile.drv
2.1 MB will be downloaded:
   /gnu/store/icyx0ynnaaradzzxfqyjrwy0x545zdn5-zsh-5.8
The following profile hooks will be built:
   /gnu/store/8kim2ay78nrlgpdks734hridk21waxhc-fonts-dir.drv
   /gnu/store/fxdkr919viih72p9s2zkiadgj7r182d1-info-dir.drv
   /gnu/store/ml3s254v7zf4dmwmfpc59clr0xgllsbn-ca-certificate-bundle.drv
   /gnu/store/rvd1xybadpnzwlm1qz7iqcsky1dj2myw-manual-database.drv
downloading from https://ci.guix.gnu.org/nar/lzip/icyx0ynnaaradzzxfqyjrwy0x=
545zdn5-zsh-5.8...
 zsh-5.8  2.0MiB                                            1.6MiB/s 00:01 =
[##################] 100.0%

building CA certificate bundle...
building fonts directory...
building directory of Info manuals...
building database for manual pages...
building profile with 1 package...
(ins)efraim@E5400 ~ [env]$ zsh
E5400% which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo


--=20
Efraim Flashner   <efraim@flashner.co.il>   =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

--NKoe5XOeduwbEQHU
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl6SHK0ACgkQQarn3Mo9
g1G4zA/7BnUaWzvkUMiPOCoyHuFtPB79I1GM/7f2nYN7+g5sEtjtCoFLfav0SS3X
p1pGDFEjKPKsVwYwVQTuqacBp1nkkLNhhqIpHrJFfCMLVhGJHYoiTtYMrr6wYAug
SWHsR2BEl3CqIcobEs3daq4O2p7BFfIBUMKs2OSMsQVBLTavG7WsP9rei2GsbZU9
kfd28rv4P7sDg2orR7lRijh8tsoOAwbZx+7mO46y94yycEs2IzbT8EsbQSU2Jejb
MUz12GVYdigoloKPVW05ZTBPII+kuAuqwlHVKFEu2G0RRuOoi3TqcA0+u+fo3i1s
FbO2E5gnh5yQ39A/AdgXUeYEHXfTBKBYMFy+a8QdCCQQXtor2GrU3L0C76ofikJt
e9o62wUrg+gxpkUWpbdUa4Rx8F3mSpGdsF8hGAjf3HMNpDTtJMCNCqGxby3pqvcK
FHEIto8TiMrA3OodDYjFIR/BHi6eMTs5rCtHMpQYD6JRN6HFEpJavKI9Jc8aqnvh
azMFHRPfmxbeoz+7RcD2oGyCau5m6/2dpU69zp3Q9nmz6QN1raxbMUmxbhuhaz2P
P5N7yesKmvQJ/ArJtVYcZaidMqCaZuut4sbLYC+lAKgCTQAYKd1b8U7SKYgcoCo6
6Dk6ANAmqNsFdnYsEcdvym9KtvgP5TUtYLYOjtBOeD6sUPe0GKw=
=2bTK
-----END PGP SIGNATURE-----

--NKoe5XOeduwbEQHU--