From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id 2CTEBzwISGQkyAAASxT56A (envelope-from ) for ; Tue, 25 Apr 2023 19:05:00 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id WD/KBzwISGSP4wAA9RJhRA (envelope-from ) for ; Tue, 25 Apr 2023 19:05:00 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CF4D624BB5 for ; Tue, 25 Apr 2023 19:04:59 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1prM5g-0004nJ-Fa; Tue, 25 Apr 2023 13:04:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prM5f-0004nB-0P for guix-devel@gnu.org; Tue, 25 Apr 2023 13:04:31 -0400 Received: from vmi571514.contaboserver.net ([75.119.130.101] helo=mail.laesvuori.fi) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prM5c-0005m9-Ge for guix-devel@gnu.org; Tue, 25 Apr 2023 13:04:30 -0400 Received: from X-kone (88-113-24-127.elisa-laajakaista.fi [88.113.24.127]) by mail.laesvuori.fi (Postfix) with ESMTPSA id 7CDD034012E; Tue, 25 Apr 2023 19:05:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail; t=1682442304; bh=l88YWto29YGvjX9kOgMKU/eY8E2YB6AZ9i7BuHCepzI=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=TNiju/XBRJWXGWqhqc4Ll2arG4Y0ORsxcDRsbyOXFXONQEP+eZTA/RlpyAqgOuRxJ XH+XNVWdn3i6I4/GTh+SuvFrZxr8G67O8YtVjD7UabXQbfF1E25bdoUDBTWjhxR8Ix mdBQZ3If5inOYu9LSwlOmgB0q7cfme5c1sLQ1fRM= Date: Tue, 25 Apr 2023 20:04:22 +0300 From: Saku Laesvuori To: Felix Lechner Cc: Josselin Poiret , Guix Devel Subject: Re: Setuid handling? Message-ID: <20230425170422.66rd4ro4gblngbc7@X-kone> References: <87354otagp.fsf@jpoiret.xyz> <87wn20rn0s.fsf@jpoiret.xyz> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jhfoks7husqhm3bd" Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=75.119.130.101; envelope-from=saku@laesvuori.fi; helo=mail.laesvuori.fi X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Seal: i=1; s=key1; d=yhetil.org; t=1682442299; a=rsa-sha256; cv=none; b=KZd/DDuKLfBNNVPsWD/pMuhepGkbrvbztGaKKQYxRVTqY3dE1NvoVoGFN6COLyTy0ZgOwK WcqYfBLbaxgiRBAQM2Zony7zIcnj6dW245+oJJ0lnVZEa8l/kL4PPWmj+65lo00HSgl3Gy 9RO8W3gej0GqCKknN3RvO5GllObegiItztV6SAxjFvQ/XTTA+D7tlSXh+7ny7iZs1EiaSV eC9obs/jHTC4cim9koIxP3FUPCHh7iev5CWHAxA5Hw0z2G4e73PQdpTfKC9Ndkfktk8OVs +7yd8itairI/Qd9xOzyNdCfqGfk3XMaqqfVYDlGXkkfIiVekAboLZ8Tq9F+QYg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=laesvuori.fi header.s=mail header.b="TNiju/XB"; dmarc=pass (policy=reject) header.from=laesvuori.fi; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1682442299; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=zpWSvqPYFbI9fxi2A5JE8nzYN2UlIX/wqBZ6Rh6jAHU=; b=SJYEIFG781NE0++wPHjSWQk89ZAT7+EyG9M2XYKiAa9SgWQEnXYZCyO+cbIQBHKWBwrs1F JPezBOji4gntM6Aq6mgtgQJgZQhDY5PJQIxVeNA9ARi0Zp8nfVEBINWzpmdkRCTeSTt6Kf OSBJQxEToSySAJ3n/3e23CFl8/Xf2wD4lo4YeyVMUZFuvAxg5oq7lqTEETaYpMirvvP0WV SwrFzk7YDcLX9MgkgnwRYYErRg+GRnw74GTQa1o+wHTrSZqzw/ZZ7vQXwoxEKMOlDrMEeL 9hj/oBZQjHpYbNuSfI4in9GazSyp7+dRhtrav95GrRSgNhvt/rxs6NFBW3IxGg== X-Migadu-Scanner: scn1.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=laesvuori.fi header.s=mail header.b="TNiju/XB"; dmarc=pass (policy=reject) header.from=laesvuori.fi; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.81 X-Spam-Score: -4.81 X-Migadu-Queue-Id: CF4D624BB5 X-TUID: KgICtJSIzRlO --jhfoks7husqhm3bd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > > /run/setuid-programs/ should be at the top of your PATH. >=20 > Well, the home profile ends up being first here: I, too, have my home profile as the first one. Having peeked into /etc/profile and ~/.guix-home/setup-environment it seems like that is the original order without any interference from the user's shell configuration. > > The default /etc/profile should ensure that The default /etc/profile only ensures that when the user profile is ~/.guix-profile or ~/.config/guix/current. Guix home stores the profile at ~/.guix-home/profile. > Thanks for that pointer! I'm in Bash, via Eat. [1] Right now I'm not > sure where to look, so more references from anybody would be > appreciated. Maybe you could remove the packages with setuid-programs from your home configuration, but really this seems like a bug in guix home to me. --jhfoks7husqhm3bd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmRICBUACgkQJX0oSiod OjISOA//cIFzxXg60uy6tn6AQBAvv/UuZpe7uvMWFBSTgSLAkW4uuVzxRGO6B3ra wI54UC+H4Xfs7qXUJ0JitU/wmlEVMrJPVLfLK5HwfBXUieHzdx590Igsc9tRnZ+Z czs2DNcJIlAJfiSsw9pd00THqqvtqmpHLUHYzhcLdF6G+Hugsa5+Q9s7EiKuAiyT FNlhMI9JvM7e9UZFZeVw2YtAT3sb6b8DhlMn8dXLRTSUIoXT2WrEwEaURV7R0/qI RJFMxrQbJvlLViHqfi4AV+WXlnlVHpyY6E/vxEOQNiyTxoYR6kIccMzUjMLBBPrM P7TsRFjJInLY7eSqAwpdeqrRB9c8JUwWNEhwsipUSVIfHZjxF9X3KPNhnfobT5tj PkRpQwjZjbSWZGpq1kCu4zq5GJ/zHcahgWiF6DXu6pTqunQBTPb43RWh+yjwh6+j orOW0h4cwjEEVpRI6GhWpGa8VB7wOOdaNsocmllhL4Xtapyr2esGpv++4e9I6l7D NPV1OiyRiXKM8a/go2TwSZn6HsMkB6mV0wzXDy8BYxZv3oToS4ngN2ggJoTbUlDM 1q1qLScuY0iuucjRuQp0RnOOiJBkz03gaDa0AENmv6DghkcyWxme0CLI99qhaH0o pHn0DJ029gFyW12NpMps/k7WcuG0oxI6LmvKq8RfKsvOoB/8UiQ= =mZvh -----END PGP SIGNATURE----- --jhfoks7husqhm3bd--