* bug#55361: [Installer] Extra unprivileged “root” account added
@ 2022-05-11  9:36 Ludovic Courtès
  2022-05-20 22:19 ` Ludovic Courtès
  0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2022-05-11  9:36 UTC (permalink / raw)
  To: 55361; +Cc: Mathieu Othacehe

The installer built from:

--8<---------------cut here---------------start------------->8---
Generation 214	May 02 2022 21:44:14	(current)
  guix 6b588da
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 6b588da368c77cde82ea2f22ca315116228777ad
--8<---------------cut here---------------end--------------->8---

… adds an unprivileged “root” account to the ‘users’ section of the OS
config.

Ludo’.





* bug#55361: [Installer] Extra unprivileged “root” account added
  2022-05-11  9:36 bug#55361: [Installer] Extra unprivileged “root” account added Ludovic Courtès
@ 2022-05-20 22:19 ` Ludovic Courtès
  2022-05-21 12:54   ` bokr
  0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2022-05-20 22:19 UTC (permalink / raw)
  To: 55361-done; +Cc: Mathieu Othacehe

Ludovic Courtès <ludo@gnu.org> skribis:

> The installer built from:
>
> Generation 214	May 02 2022 21:44:14	(current)
>   guix 6b588da
>     repository URL: https://git.savannah.gnu.org/git/guix.git
>     branch: master
>     commit: 6b588da368c77cde82ea2f22ca315116228777ad
>
> … adds an unprivileged “root” account to the ‘users’ section of the OS
> config.

Fixed in 48c748226e2a94d2dec9bfdf84601455f00d6f5e, which reverts
c2125e59d0774cda3e559adeb056459a5f23586b.

Ludo’.





* bug#55361: [Installer] Extra unprivileged “root” account added
  2022-05-20 22:19 ` Ludovic Courtès
@ 2022-05-21 12:54   ` bokr
  2022-05-21 13:34     ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
  2022-05-21 16:51     ` Ludovic Courtès
  0 siblings, 2 replies; 5+ messages in thread
From: bokr @ 2022-05-21 12:54 UTC (permalink / raw)
  To: 55361, ludo

Hello,

On +2022-05-21 00:19:06 +0200, Ludovic Courtès wrote:
> Ludovic Courtès <ludo@gnu.org> skribis:
> 
> > The installer built from:
> >
> > Generation 214      May 02 2022 21:44:14    (current)
> >   guix 6b588da
> >     repository URL: https://git.savannah.gnu.org/git/guix.git
> >     branch: master
> >     commit: 6b588da368c77cde82ea2f22ca315116228777ad
> >
> > … adds an unprivileged “root” account to the ‘users’ section of the OS
> > config.
> 
> Fixed in 48c748226e2a94d2dec9bfdf84601455f00d6f5e, which reverts
> c2125e59d0774cda3e559adeb056459a5f23586b.
> 
> Ludo’.
> 
> 
>
--8<---------------cut here---------------start------------->8---
commit c2125e59d0774cda3e559adeb056459a5f23586b
Author: Mathieu Othacehe <othacehe@gnu.org>
Date:   Mon Apr 4 16:38:09 2022 +0200

    installer: user: Remove useless filtering.
--8<---------------cut here---------------end--------------->8---


--8<---------------cut here---------------start------------->8---
commit 48c748226e2a94d2dec9bfdf84601455f00d6f5e
Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri May 20 20:41:02 2022 +0200

    Revert "installer: user: Remove useless filtering."
    
    This reverts commit c2125e59d0774cda3e559adeb056459a5f23586b.
    
    Fixes <https://issues.guix.gnu.org/55361>.
--8<---------------cut here---------------end--------------->8---

Assuming my date-diff hack worked:
--8<---------------cut here---------------start------------->8---
~/wb/guix]$ date-diff '2022-04-04 16:38:09' '2022-05-20 20:41:02'
46days 4hrs 2min 53sec
--8<---------------cut here---------------end--------------->8---

Is this like coming home from 46day vacation and noticing
that, oops, someone left the kitchen door open,
and hoping no ++ungoodniks noticed? Or meh?

Is, or should there be, a required signoff on an
exploitability assessment in the commit, when it
has that scent? (e.g. anything possibly opening
a door to root privileges).

Personally, I am happy to see "fixed," but I would be happier
seeing a signed exploitability assessment, esp if by someone
concentrating on that aspect of things.

Thoughts?

--
Regards,
Bengt Richter





* bug#55361: [Installer] Extra unprivileged “root” account added
  2022-05-21 12:54   ` bokr
@ 2022-05-21 13:34     ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
  2022-05-21 16:51     ` Ludovic Courtès
  1 sibling, 0 replies; 5+ messages in thread
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-05-21 13:34 UTC (permalink / raw)
  To: bokr; +Cc: ludo, 55361

Hi bokr,

What makes this commit special?  If there's a security aspect here, what 
is it?

> Personally, I am happy to see "fixed," but I would be happier
> seeing a signed exploitability assessment, esp if by someone
> concentrating on that aspect of things.

I don't think anyone is going to volunteer for that honour, unless you 
are :-)

Kind regards,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.





* bug#55361: [Installer] Extra unprivileged “root” account added
  2022-05-21 12:54   ` bokr
  2022-05-21 13:34     ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
@ 2022-05-21 16:51     ` Ludovic Courtès
  1 sibling, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2022-05-21 16:51 UTC (permalink / raw)
  To: bokr; +Cc: 55361

Hi,

bokr@bokr.com skribis:

> Assuming my date-diff hack worked:
>
> ~/wb/guix]$ date-diff '2022-04-04 16:38:09' '2022-05-20 20:41:02'
> 46days 4hrs 2min 53sec
>
> Is this like coming home from 46day vacation and noticing
> that, oops, someone left the kitchen door open,
> and hoping no ++ungoodniks noticed? Or meh?

Heh.  It was a minor annoyance: the generated OS config would have an
unnecessary “root” user account (unnecessary because it’s included by
default), which ‘guix system init’ would warn about and ignore, and the
end result is unchanged.

IWBN to augment the installation tests with a check for that, but that’s
tricky.  But like Tobias wrote, contributions are welcome.  :-)

Thanks,
Ludo’.
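
Added example (not part of the message above and not code from Guix): a standalone Guile sketch of the kind of check mentioned there. It reads a generated OS configuration as S-expressions and reports literal user-account declarations named "root"; as a generalization it also reports any name declared more than once. The sample configuration and all procedure names are constructed for illustration, and the field layout of the sample is an assumption.

```scheme
(use-modules (ice-9 match)
             (srfi srfi-1))

;; Constructed sample: a config with the extra "root" account described above.
(define %sample-config
  "(use-modules (gnu))
(operating-system
  (host-name \"test\")
  (users (cons* (user-account
                  (name \"root\")
                  (group \"users\")
                  (home-directory \"/root\"))
                (user-account
                  (name \"alice\")
                  (group \"users\")
                  (home-directory \"/home/alice\"))
                %base-user-accounts)))")

(define (read-all port)
  "Return the list of all S-expressions read from PORT."
  (let loop ((forms '()))
    (let ((form (read port)))
      (if (eof-object? form)
          (reverse forms)
          (loop (cons form forms))))))

(define (declared-account-names sexp)
  "Return the literal names of all (user-account (name ...) ...) forms in SEXP."
  (match sexp
    (('user-account fields ...)
     (filter-map (match-lambda
                   (('name (? string? name)) name)
                   (_ #f))
                 fields))
    ((head . tail)
     (append (declared-account-names head)
             (declared-account-names tail)))
    (_ '())))

(define (redundant-accounts names)
  "Return the entries of NAMES that are \"root\" or appear more than once."
  (delete-duplicates
   (filter (lambda (name)
             (or (string=? name "root")
                 (> (count (lambda (n) (string=? n name)) names) 1)))
           names)))

(define (check-config text)
  "Return the redundant account names declared in the config TEXT."
  (redundant-accounts
   (declared-account-names (call-with-input-string text read-all))))

(display (check-config %sample-config))   ; the code is read, never evaluated
(newline)
```

The check only sees account names written as string literals in the file; accounts built by other code in the configuration are outside its reach.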



