Subject: [bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl utility.
To: 41763@debbugs.gnu.org
Cc: Christopher Baines
From: maxim.cournoyer@gmail.com
Date: Mon, 08 Jun 2020 13:46:37 -0400
Message-ID: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me>

Hello!

The following patches provide a means to specify a user and group for a setuid program, and use that to fix a setgid permission issue in the context of the opensmtpd service.
Christopher, you should be able to leverage this new facility to configure the uid/gid of the sendmail program to that of the smtpq user, like this: --8<---------------cut here---------------start------------->8--- (operating-system) [...] (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq") %setuid-programs)) --8<---------------cut here---------------end--------------->8--- The smtpq user is created as part of the OpenSMTPD service definition. Thank you, --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0001-services-Allow-configuring-the-ownership-of-setuid-p.patch Content-Transfer-Encoding: quoted-printable From=20e1b8840da16fb531f6607892ebf08f2d5472b962 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 7 Jun 2020 23:01:49 -0400 Subject: [PATCH 1/3] services: Allow configuring the ownership of setuid programs. Fixes . * gnu/build/activation.scm (activate-setuid-programs): Update doc. Allow a program entry to be a list that may include a user and a group. [make-setuid-program] New USER and GROUP keyword parameters. Move the error handling inside the MAKE-SETUID-PROGRAM helper procedure. * gnu/services.scm (setuid-program-service-type): Update doc. * doc/guix.texi (Setuid Programs): Update doc. =2D-- doc/guix.texi | 17 +++++++++++--- gnu/build/activation.scm | 48 +++++++++++++++++++++++++--------------- gnu/services.scm | 17 ++++++++++++-- 3 files changed, 59 insertions(+), 23 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 056bf011f6..83d7344bd8 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -26429,14 +26429,25 @@ should be setuid root. =20 The @code{setuid-programs} field of an @code{operating-system} declaration contains a list of G-expressions denoting the names of =2Dprograms to be setuid-root (@pxref{Using the Configuration System}). =2DFor instance, the @command{passwd} program, which is part of the Shadow =2Dpackage, can be designated by this G-expression (@pxref{G-Expressions}): +programs to be setuid (@pxref{Using the Configuration System}). The +user and group ownership of the setuid program default to @code{root}, +but can be specified by declaring them along the file name of the +program. For instance, the @command{passwd} program, which is part of +the Shadow package, can be designated as a setuid-root porgram by this +G-expression (@pxref{G-Expressions}): =20 @example #~(string-append #$shadow "/bin/passwd") @end example =20 +As a second example, the @command{smtpctl} program, which is part of the +OpenSMTPD package, requires to have its group set to @samp{smtpq}. +This can be specified using: + +@example +(list (file-append opensmtpd "/bin/smtpctl") "smtpq" "smtpq") +@end example + A default set of setuid programs is defined by the @code{%setuid-programs} variable of the @code{(gnu system)} module. =20 diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 30f5e87d5a..6be3664d44 100644 =2D-- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovi= c Court=C3=A8s ;;; Copyright =C2=A9 2015 Mark H Weaver +;;; Copyright =C2=A9 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -227,14 +228,28 @@ they already exist." "/run/setuid-programs") =20 (define (activate-setuid-programs programs) =2D "Turn PROGRAMS, a list of file names, into setuid programs stored under =2D%SETUID-DIRECTORY." =2D (define (make-setuid-program prog) + "Turn PROGRAMS, a list of file names and/or of nested lists composed of a +file name, a user and a group, into setuid programs stored under +%SETUID-DIRECTORY. The user and group default to \"root\" and affect the +ownership of the associated file name." + (define* (make-setuid-program prog #:key (user "root") (group user)) (let ((target (string-append %setuid-directory "/" (basename prog)))) =2D (copy-file prog target) =2D (chown target 0 0) =2D (chmod target #o6555))) + (catch 'system-error + (lambda () + (let ((uid (passwd:uid (getpwnam user))) + (gid (group:gid (getgrnam group)))) + (copy-file prog target) + (chown target uid gid) + (chmod target #o6555))) + (lambda args + ;; If we fail to create a setuid program, better keep going + ;; so that we don't leave %SETUID-DIRECTORY empty or + ;; half-populated. This can happen if PROGRAMS contains + ;; incorrect file names: . + (format (current-error-port) + "warning: failed to make '~a' setuid (~a:~a): ~a~%" + prog user group (strerror (system-error-errno args))))))) =20 (format #t "setting up setuid programs in '~a'...~%" %setuid-directory) @@ -247,18 +262,15 @@ they already exist." string. =2D (format (current-error-port) =2D "warning: failed to make '~a' setuid-root: ~a~= %" =2D program (strerror (system-error-errno args))))= )) + (for-each (match-lambda + ((program user group) + (make-setuid-program program #:user user #:group group)) + ((program user) + (make-setuid-program program #:user user)) + ((program) + (make-setuid-program program)) + (program + (make-setuid-program program))) programs)) =20 (define (activate-special-files special-files) diff --git a/gnu/services.scm b/gnu/services.scm index 2e4648bf78..19a1c38ceb 100644 =2D-- a/gnu/services.scm 
+++ b/gnu/services.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Court=C3= =A8s ;;; Copyright =C2=A9 2016 Chris Marusich +;;; Copyright =C2=A9 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -681,12 +682,24 @@ FILES must be a list of name/file-like object pairs." (list (service-extension activation-service-type (lambda (programs) #~(activate-setuid-programs =2D (list #$@programs)))))) + (quote (#$@programs))))))) (compose concatenate) (extend append) (description "Populate @file{/run/setuid-programs} with the specified =2Dexecutables, making them setuid-root."))) +executables, making them setuid. The PROGRAMS entries extending the +setuid-program-service-type is a list of file-like objects. Alternatively= to +file-like objects, nested lists containing a file-like object, a user and a +group can be used to control the ownership of the associated file. + +Example: + +(list (file-append shadow \"/bin/passwd\") + (list (file-append opensmtpd \"/bin/smtpctl\") \"root\" \"smtpq\")) + +The @command{passwd} program has both its user and group set to the +default \"root\" while the @command{smtpctl} program has its user set to +\"root\" and its group set to \"smtpq\"."))) =20 (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." =2D-=20 2.26.2 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-services-opensmtpd-Remove-unused-binding.patch Content-Transfer-Encoding: quoted-printable From=2001c1ab83bf6f5a8158a993de2fa0048f6d172a73 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 7 Jun 2020 23:49:25 -0400 Subject: [PATCH 2/3] services: opensmtpd: Remove unused binding. * gnu/services/mail.scm (opensmtpd-activation): Remove unused SMTPD variable binding. =2D-- gnu/services/mail.scm | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) 
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index cfcaf4601b..7c49d99e9f 100644 =2D-- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -1665,15 +1665,14 @@ match from local for any action outbound (define opensmtpd-activation (match-lambda (($ package config-file) =2D (let ((smtpd (file-append package "/sbin/smtpd"))) =2D #~(begin =2D (use-modules (guix build utils)) =2D ;; Create mbox and spool directories. =2D (mkdir-p "/var/mail") =2D (mkdir-p "/var/spool/smtpd") =2D (chmod "/var/spool/smtpd" #o711) =2D (mkdir-p "/var/spool/mail") =2D (chmod "/var/spool/mail" #o711)))))) + #~(begin + (use-modules (guix build utils)) + ;; Create mbox and spool directories. + (mkdir-p "/var/mail") + (mkdir-p "/var/spool/smtpd") + (chmod "/var/spool/smtpd" #o711) + (mkdir-p "/var/spool/mail") + (chmod "/var/spool/mail" #o711))))) =20 (define %opensmtpd-pam-services (list (unix-pam-service "smtpd"))) =2D-=20 2.26.2 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0003-services-opensmtpd-Fix-the-setgid-problem-for-the-sm.patch Content-Transfer-Encoding: quoted-printable From=2052a1a031e6a7c0196cf17d0bd32061d02b453df8 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 7 Jun 2020 23:52:00 -0400 Subject: [PATCH 3/3] services: opensmtpd: Fix the setgid problem for the smtpctl utility. The utility was complaining that it wasn't setgid to the group ID of the "smtpq" group. * gnu/services/mail.scm (opensmtpd-service-type): Extend the setuid-program-service-type with the smtpctl program. =2D-- gnu/services/mail.scm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 7c49d99e9f..96efbd951d 100644 =2D-- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm 
@@ -1662,6 +1662,11 @@ match from local for any action outbound (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) =20 +(define (opensmtpd-setuid-programs opensmtpd-configuration) + (let ((smtpctl (file-append (opensmtpd-configuration-package + opensmtpd-configuration) "/sbin/smtpctl"))) + (list (list smtpctl "smtpq")))) + (define opensmtpd-activation (match-lambda (($ package config-file) @@ -1683,6 +1688,8 @@ match from local for any action outbound (extensions (list (service-extension account-service-type (const %opensmtpd-accounts)) + (service-extension setuid-program-service-type + opensmtpd-setuid-programs) (service-extension activation-service-type opensmtpd-activation) (service-extension pam-root-service-type =2D-=20 2.26.2

Maxim
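Review bot: the second example in the doc/guix.texi hunk, `(list (file-append opensmtpd "/bin/smtpctl") "smtpq" "smtpq")`, disagrees with the two other places this series describes the same program: the gnu/services.scm docstring uses `"root" "smtpq"`, and patch 3 installs `"/sbin/smtpctl"` via `(list smtpctl "smtpq")`. Please settle on one path and one user/group pair and use it in all three, since the sentence just above the example says smtpctl only requires its group to be smtpq. In the same hunk, "porgram" should be "program", and "requires to have its group set to" reads better as "requires its group to be set to".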
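Review bot: in the gnu/build/activation.scm hunk, the `catch 'system-error` in make-setuid-program now also wraps the getpwnam/getgrnam calls, but it handles that one key only. Please check that an unknown user or group name raises 'system-error rather than a different error key; otherwise a mistyped name in PROGRAMS aborts the whole activation instead of printing the new warning, which is precisely the half-populated %SETUID-DIRECTORY case the comment says it wants to avoid. Separately, `(chmod target #o6555)` still sets both the setuid and the setgid bit for every entry, so a program that only needs setgid (the smtpctl case) also becomes setuid to whichever user was supplied; either derive the mode from which of user/group were given, or state in the docstring that every entry is made both setuid and setgid.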
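Review bot: the gnu/services.scm hunk changes the G-expression from `(list #$@programs)` to `(quote (#$@programs))`, but the commit message's entry for that file only says "Update doc"; the changelog should mention the G-expression change, and a short comment next to the quote explaining why it is needed now that entries may be nested lists would help the next reader. The docstring also needs two grammar fixes: "The PROGRAMS entries extending the setuid-program-service-type is a list of file-like objects" should be "The PROGRAMS entries extending setuid-program-service-type are file-like objects", and "Alternatively to file-like objects" should be "As an alternative to file-like objects".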
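Review bot: in the patch 3 hunk, `(list (list smtpctl "smtpq"))` sets the user to smtpq and lets the group default to smtpq, so together with the #o6555 mode from patch 1 the binary ends up setuid smtpq as well as setgid smtpq, while the commit message only mentions that smtpctl complained about not being setgid to the smtpq group. If setgid is all that smtpctl needs, say so in the commit message and consider passing `"root" "smtpq"` explicitly or dropping the setuid bit for this entry, so the installed mode matches the stated requirement.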