From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp10.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms9.migadu.com with LMTPS
	id IPnfHz6BgWQM8QAASxT56A
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 08 Jun 2023 09:20:30 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp10.migadu.com with LMTPS
	id cNrhHj6BgWQqUwAAG6o9tA
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 08 Jun 2023 09:20:30 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id EFE9B14EE4
	for <larch@yhetil.org>; Thu,  8 Jun 2023 09:20:29 +0200 (CEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces@gnu.org>)
	id 1q79wB-0001gD-H1; Thu, 08 Jun 2023 03:20:03 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1q79wA-0001fB-7f
 for bug-guix@gnu.org; Thu, 08 Jun 2023 03:20:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1q79w9-0005tc-TM
 for bug-guix@gnu.org; Thu, 08 Jun 2023 03:20:01 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1q79w9-0003wp-Jq
 for bug-guix@gnu.org; Thu, 08 Jun 2023 03:20:01 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#63904: Can't setuid programs to anybody but root
Resent-From: Josselin Poiret <dev@jpoiret.xyz>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Thu, 08 Jun 2023 07:20:01 +0000
Resent-Message-ID: <handler.63904.B63904.168620875715098@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 63904
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Edouard Klein <edou@rdklein.fr>, 63904@debbugs.gnu.org
Cc: me@tobias.gr, zimon.toutoune@gmail.com, othacehe@gnu.org, ludo@gnu.org,
 mail@cbaines.net, rekado@elephly.net
Received: via spool by 63904-submit@debbugs.gnu.org id=B63904.168620875715098
 (code B ref 63904); Thu, 08 Jun 2023 07:20:01 +0000
Received: (at 63904) by debbugs.gnu.org; 8 Jun 2023 07:19:17 +0000
Received: from localhost ([127.0.0.1]:55547 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1q79vQ-0003vR-Km
 for submit@debbugs.gnu.org; Thu, 08 Jun 2023 03:19:16 -0400
Received: from jpoiret.xyz ([206.189.101.64]:47384)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dev@jpoiret.xyz>) id 1q79vO-0003vI-47
 for 63904@debbugs.gnu.org; Thu, 08 Jun 2023 03:19:15 -0400
Received: from authenticated-user (jpoiret.xyz [206.189.101.64])
 by jpoiret.xyz (Postfix) with ESMTPA id 8557D184F2B;
 Thu,  8 Jun 2023 07:19:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim;
 t=1686208747;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=2YCb5Z86FlGn4bIWi/PiyKjMAkOdysCPd93Qq9oxTMY=;
 b=CzNgXThlsBGdyW2Y6x3kwpwY4akwXQzUI018lGFPviDL/mgQtNVwaJPp/ocQvnpQNU+IDO
 qCRCdejQMuggRJwiO26aNVXdc5MAI5kvleW+mTYf7B4PPaK7ZHkN6rQQvZbJYl3T0O/u4x
 Dq18Q6w/2gIEfAAf1urL+lj77GpsEllhDURACE0f8JZIpQVqc6kwdMR0pBBwcT+e91jYpE
 2DXZvyGHK9vy/EAcUkJmuzqsNYiQI3poHJCUGhO9i1Gb9XP7miLQZ3slXtnTU7pkzOi7E3
 mA1NPuAKLYD9g0izt1b/FnTFz+XRkCeX/m2+NZ/pAMxgdCtUeBme0iTNPAMIWg==
In-Reply-To: <878rcxt4jt.fsf@rdklein.fr>
References: <87h6rmtdzk.fsf@rdklein.fr> <878rcxt4jt.fsf@rdklein.fr>
Date: Thu, 08 Jun 2023 09:19:00 +0200
Message-ID: <87edmma0bf.fsf@jpoiret.xyz>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spamd-Bar: +
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Reply-to:  Josselin Poiret <dev@jpoiret.xyz>
From:  Josselin Poiret via Bug reports for GNU Guix <bug-guix@gnu.org>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: bug-guix-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1686208830;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=2YCb5Z86FlGn4bIWi/PiyKjMAkOdysCPd93Qq9oxTMY=;
	b=cGOT1gfV9M0bAChdt0Ug0wB+Ta2yycfAWdiegxMvGO1tjXSRqiNeFk1PhHqUZLQBt7bZOL
	E5SPvlxHFogcNLEMA4ChgMFaBkR3UGvFn+8iZXrUZ3LJlLidmdHNFV2o5UmdJjiPRxSeVR
	JTG7kGFEkBjwqJ6QciKYLTJJ2iMj1j8T/hch9ElLc8XRy17/RoPmoHucOF7t6IEbeUwsMS
	hBZGzPdTvBO2ub893GJ5TvKIP2shOy6eFVO8k6gqF58HgVbTJH80uXwru436EEL1O/AIe4
	qt5gPnBg2erSCiKi/7MDRtyqvN4Q9FedhFlFzqi9BpBmyjPCTy/tPk6KzZrN9Q==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=jpoiret.xyz header.s=dkim header.b=CzNgXThl;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1686208830; a=rsa-sha256; cv=none;
	b=dBJsE+wPUjJEOIaKUy/Hj7Y44ydbc8PJbFcgz7HZ4QHWKVp1+Rfx495CZmPuLJ2PwK7OBa
	yub8VXGUDZcEvS0HKl2H3CdkgcAKUdJ1v82sH5zRB4lLtp9X870SZiMv30PJYmZDeFrUBH
	cdqrjVo+owrLa09fgwSkuYqQJqY6TgZ+w4A/lxc1p6NX907ZhwD3Q7vFVv0stVdURa0hyb
	F8rtuEllH9kMDZCT/fQM222qZtaT6MA1dHWNOvZvrTdUKVCLtLlhHBJ8GPsFddpGlix3MP
	vSGe3orM0scDszxhXKsBgk+EZr1FvWbkbsee86+nWWPy8NxVPPQMHu90gvDYMw==
X-Migadu-Scanner: scn1.migadu.com
X-Migadu-Spam-Score: -3.80
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=jpoiret.xyz header.s=dkim header.b=CzNgXThl;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: EFE9B14EE4
X-Spam-Score: -3.80
X-TUID: BNDK6ZEOEE3Z

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi everyone,

You might want to have a look at [1], which should resolve this.  I've
held off on reviewing it for quite a bit but have talked on IRC recently
with bjc about it.  With this approach, while cleaner, we'll need to
identify which services rely on the setuid binaries being present, as
well as ensure they're up before any interaction with the user is
possible.

[1] https://issues.guix.gnu.org/62726

HTH,
=2D-=20
Josselin Poiret

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEOSSM2EHGPMM23K8vUF5AuRYXGooFAmSBgOQQHGRldkBqcG9p
cmV0Lnh5egAKCRBQXkC5Fhcaigf1DACI1mMO1MSBDjr3TDPJwO18m+j+cLrdNo3+
Bmi+aSL4AmjGJ8RYEDAGtRninFxt1QGaoDs060pe6LPsaA0BGxVkm7ldVWIfob2B
7czkGF55kRAp0Ikx0CQAvjjXfczO0nSVQZx5KOPcbhl2PEaD9e4uZNISPzPipeJF
SM+M2KSceqS+/pE1DCLrNMe2TdmhIsiOwAJN1BnsruusgKCeBdTzHV121pnrrOj6
pQSCeGo84rx4+YLT7tIya92Tly068KPWmo3ZxmGJ74MQiGFt92j0u87BMT8JNY0U
9GXE1eQmYvDyw2en2v3SSAoP5BiDH4MkKzvU1K8cQk+ncGhJbkvbF4h3q7uUfEhK
FccQh9mKeeXSxXObAJBEeLcdVW4JyZKAmYqrhm7wRLYYzKXfZPOwC4pWzkh26qlG
vmSQ0vfXHp3HWqk81XBF1nfktqQyYhwOK7Gxu5fccGErI+qvQlvKX/QbXF/AoeCF
x+pyQ7k2fjLYRKRobZKa6Bbf3MpZ6sQ=
=t6uz
-----END PGP SIGNATURE-----
--=-=-=--