all messages for Guix-related lists mirrored at yhetil.org
From: Josselin Poiret via Guix-patches via <guix-patches@gnu.org>
To: 路辉 <luhux76@gmail.com>, 57881@debbugs.gnu.org
Subject: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
Date: Sun, 18 Sep 2022 22:05:04 +0200
Message-ID: <87illk8n4f.fsf@jpoiret.xyz>
In-Reply-To: <CAGNyvehEsZ9xO5vJgWe1mQ9gpxfD+-JunkvOgd+2hNqOP0MY2w@mail.gmail.com>

Hi,

路辉 <luhux76@gmail.com> writes:

> hikari-unlocker needs setuid and PAM to work.
>
> If hikari execs a non-setuid hikari-unlocker, such as
> "$HOME/.guix-profile/bin/hikari-unlocker", hikari's lock-mode
> can't be exited; one can only press the power button to exit it. :(
>
> https://hikari.acmelabs.space/manpage.html
>
> https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71
> From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001
> From: Lu Hui <luhux76@gmail.com>
> Date: Sat, 17 Sep 2022 20:10:34 +0800
> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
>
> * gnu/packages/wm.scm (hikari)
> [phases]{force-use-setuid-unlocker}: Replace "sh -c hikari-unlocker" with
> "/run/setuid-programs/hikari-unlocker".

On Guix System, /run/setuid-programs/ should be in front of whatever
profiles you're using in your PATH, otherwise it will be shadowed by
them.  With the default profile loading code in /etc/profile, this
should be what happens, but there might be issues with any non-default
setup (i.e. package not installed in ~/.guix-profile/).

To be honest, I'm not happy with hardcoding
/run/setuid-programs/hikari-unlocker, since it won't work on foreign
distros.

Shouldn't we rather report this issue upstream?  I'm under the
impression that the locker should detect that it isn't running suid and
not try to query PAM if it isn't able to, and instead fail and display
an error message or something similar.

Best,
-- 
Josselin Poiret
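
A way to check the PATH shadowing discussed in the message above, as an added example that is not part of the original message and is not code from Guix or hikari. The function names are hypothetical, and the check looks only at the setuid bit of the first match, not at its owner.

```shell
# first_in_path NAME PATHSTRING
# Print the first executable NAME found while walking PATHSTRING left to
# right, which is how a bare command name is resolved by sh and execvp(3).
first_in_path() {
    fp_name=$1
    fp_ifs=$IFS
    IFS=:
    set -f                          # no globbing while splitting the PATH
    for fp_dir in $2; do
        [ -n "$fp_dir" ] || fp_dir=.    # empty PATH entry means current dir
        if [ -f "$fp_dir/$fp_name" ] && [ -x "$fp_dir/$fp_name" ]; then
            IFS=$fp_ifs; set +f
            printf '%s\n' "$fp_dir/$fp_name"
            return 0
        fi
    done
    IFS=$fp_ifs; set +f
    return 1
}

# check_unlocker NAME PATHSTRING
# Classify what a bare-name exec of NAME would run:
#   "setuid <path>"      first match has the setuid bit      (returns 0)
#   "non-setuid <path>"  first match shadows any setuid copy (returns 1)
#   "missing"            nothing executable found            (returns 2)
check_unlocker() {
    if ! cu_hit=$(first_in_path "$1" "$2"); then
        echo "missing"
        return 2
    fi
    if [ -u "$cu_hit" ]; then
        echo "setuid $cu_hit"
        return 0
    fi
    echo "non-setuid $cu_hit"
    return 1
}

# Report for the current session; never aborts the calling script.
check_unlocker hikari-unlocker "$PATH" || true
```
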



