From: Christopher Lemmer Webber <cwebber@dustycloud.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 44700@debbugs.gnu.org
Subject: [bug#44700] services: setuid: More configurable setuid support.
Date: Tue, 17 Nov 2020 11:31:13 -0500 [thread overview]
Message-ID: <87sg98djxq.fsf@dustycloud.org> (raw)
In-Reply-To: <87r1oss4dg.fsf@gnu.org>
Ludovic Courtès writes:
> Hello!
>
> Christopher Lemmer Webber <cwebber@dustycloud.org> skribis:
>
>>>From eadac673fb22132c555a4e1cee57a6308ecfdad4 Mon Sep 17 00:00:00 2001
>> From: Christopher Lemmer Webber <cwebber@dustycloud.org>
>> Date: Sun, 15 Nov 2020 16:58:52 -0500
>> Subject: [PATCH] services: setuid: More configurable setuid support.
>>
>> New record <setuid-program> with fields for setting the specific user and
>> group, as well as specifically selecting the setuid and setgid bits, for a
>> program within the setuid-program-service.
>>
>> * gnu/services.scm (<setuid-program>): New record type.
>> (setuid-program, make-setuid-program, setuid-program?)
>> (setuid-program-program, stuid-program-setuid?, setuid-program-setgid?)
>> (setuid-program-user, setuid-program-group): New variables, export them.
>> (setuid-program-entry): New variable, a procedure used for the
>> service-extension of activation-service-type as set up by
>> setuid-program-service-type. Unpacks the <setuid-program> record,
>> handing off within the gexp to activate-setuid-programs.
>> (setuid-program-service-type): Make use of setuid-program-entry.
>> * gnu/build/activation.scm (activate-setuid-programs): Update to expect a
>> ftagged list for each program entry, pre-unpacked from the <setuid-program>
>> record before being handed to this procedure.
>
> This looks like the right approach to me!
>
>> + (for-each (match-lambda
>> + [('setuid-program src-path setuid? setgid? user group)
>> + (let ((uid (match user
>> + [(? string?) (passwd:uid (getpwnam user))]
>> + [(? integer?) user]))
>> + (gid (match group
>> + [(? string?) (group:gid (getgrnam user))]
>> + [(? integer?) group])))
>> + (catch 'system-error
>> + (lambda ()
>> + (let ((target (string-append %setuid-directory
>> + "/" (basename src-path)))
>> + (mode (+ #o0555 ; base permissions
>> + (if setuid? #o4000 0) ; setuid bit
>> + (if setgid? #o2000 0)))) ; setgid bit
>> + (copy-file src-path target)
>> + (chown target uid gid)
>> + (chmod target mode)))
>
> Nitpick: I’d write “program” or “source” instead of “src-path” and avoid
> square brackets for consistency with the rest of the code base (you
> spent time in Racket-land, didn’t you? ;-)).
Sounds good. And yes, Racket influence is shining through, oops!
>> +(define (setuid-program-entry programs)
>> + #~(activate-setuid-programs
>> + ;; convert into a tagged list structure as expected by
>> + ;; activate-setuid-programs
>> + (list #$@(map (match-lambda
>> + [(? setuid-program? sp)
>> + #~(list 'setuid-program
>> + #$(setuid-program-program sp)
>> + #$(setuid-program-setuid? sp)
>> + #$(setuid-program-setgid? sp)
>> + #$(setuid-program-user sp)
>> + #$(setuid-program-group sp))]
>> + ;; legacy, non-<setuid-program> structure
>> + [program
>> + ;; TODO: Spit out a warning here?
>> + #~(list 'setuid-program
>> + #$program
>> + #t #t 0 0)])
>> + programs))))
>
> Maybe what we could do is rename ‘operating-system-setuid-programs’ to
> ’%operating-system-setuid-programs’, keep that internal, and add a new
> ‘operating-system-setuid-programs’ that calls the other one and
> “canonicalizes” list entries so that they’re all <setuid-program>
> records.
"rename"? There is no operating-system-setuid-programs so I'm not sure
what you mean to rename from... setuid-program-entry, or presumably
activate-setuid-programs...?
> It would call:
>
> (warning log (G_ "representing setuid programs with strings is \
> deprecated; use 'setuid-program' instead~%"))
Aha, I wasn't sure what to use for deprecation warnings actually, so
this is helpful, thanks!
> WDYT?
>
> Could you also update the “Setuid Programs” section of the manual?
Happy to do it.
> In a subsequent commit, we need to adjust all the services that extend
> ‘setuid-program-service-type’ so they pass a <setuid-program> and not a
> string.
Yes... let's worry about that once this interface is hammered out. :)
Glad it seems like the general approach was right though!
> Thanks!
>
> Ludo’.
next prev parent reply other threads:[~2020-11-17 16:33 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 23:29 [bug#44700] services: setuid: More configurable setuid support Christopher Lemmer Webber
2020-11-17 9:46 ` Ludovic Courtès
2020-11-17 16:31 ` Christopher Lemmer Webber [this message]
2020-11-17 20:48 ` Ludovic Courtès
2021-04-14 17:06 ` Christopher Lemmer Webber
2021-07-03 16:51 ` [bug#44700] [PATCH v2 0/2] " Brice Waegeneire
2021-07-03 16:51 ` [bug#44700] [PATCH v2 1/2] " Brice Waegeneire
2021-07-03 16:51 ` [bug#44700] [PATCH v2 2/2] services: Migrate to <setuid-program> Brice Waegeneire
2021-07-05 15:28 ` Chris Lemmer-Webber
2021-07-06 20:03 ` [bug#44700] [PATCH v3 0/2] More configurable setuid/setgid support Brice Waegeneire
2021-07-06 20:03 ` [bug#44700] [PATCH v3 1/2] services: setuid: More configurable setuid support Brice Waegeneire
2021-07-06 20:03 ` [bug#44700] [PATCH v3 2/2] services: Migrate to <setuid-program> Brice Waegeneire
2021-07-07 17:41 ` Chris Lemmer-Webber
2021-07-29 16:04 ` Christine Lemmer-Webber
2021-07-29 16:16 ` Christine Lemmer-Webber
2021-07-29 16:18 ` bug#44700: " Christine Lemmer-Webber
2021-08-12 10:37 ` [bug#44700] services: setuid: More configurable setuid support Ludovic Courtès
2021-08-12 16:06 ` Christine Lemmer-Webber
2020-11-17 16:29 ` Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sg98djxq.fsf@dustycloud.org \
--to=cwebber@dustycloud.org \
--cc=44700@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.