* bug#31814: setuid programs are not first in PATH
@ 2018-06-13 14:32 Clément Lassieur
2018-06-13 15:05 ` Joshua Branson
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Clément Lassieur @ 2018-06-13 14:32 UTC (permalink / raw)
To: 31814
Hi,

sourcing /etc/profile

- prepends /run/setuid-programs to $PATH
- then sources $HOME/.guix-profile/etc/profile

and sourcing $HOME/.guix-profile/etc/profile

- prepends $HOME/.guix-profile/bin to $PATH
- prepends $HOME/.guix-profile/sbin to $PATH

so in the end, $PATH looks like:

~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...

and a command like 'ping' is found in ~/.guix-profile/bin, which makes
it unusable.

Clément
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-13 14:32 bug#31814: setuid programs are not first in PATH Clément Lassieur
@ 2018-06-13 15:05 ` Joshua Branson
2018-06-13 15:06 ` Julien Lepiller
2018-06-13 15:06 ` Clément Lassieur
2018-06-16 9:35 ` Ricardo Wurmus
2018-06-17 21:07 ` Ludovic Courtès
2 siblings, 2 replies; 12+ messages in thread
From: Joshua Branson @ 2018-06-13 15:05 UTC (permalink / raw)
To: 31814
Clément Lassieur <clement@lassieur.org> writes:
> Hi,
>
> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.
I'm probably being really silly, but shouldn't it still work? I mean
~/.guix-profile/bin is still in your path right?
>
> Clément
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-13 15:05 ` Joshua Branson
@ 2018-06-13 15:06 ` Julien Lepiller
2018-06-13 15:06 ` Clément Lassieur
1 sibling, 0 replies; 12+ messages in thread
From: Julien Lepiller @ 2018-06-13 15:06 UTC (permalink / raw)
To: 31814
On 2018-06-13 17:05, Joshua Branson wrote:
> Clément Lassieur <clement@lassieur.org> writes:
>
>> Hi,
>>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> I'm probably being really silly, but shouldn't it still work? I mean
> ~/.guix-profile/bin is still in your path right?
The ping from ~/.guix-profile/bin is not setuid, contrary to the ping in
/run/setuid-programs. This is necessary for users to run ping.
>
>>
>> Clément
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-13 15:05 ` Joshua Branson
2018-06-13 15:06 ` Julien Lepiller
@ 2018-06-13 15:06 ` Clément Lassieur
2018-06-14 14:01 ` Joshua Branson
1 sibling, 1 reply; 12+ messages in thread
From: Clément Lassieur @ 2018-06-13 15:06 UTC (permalink / raw)
To: Joshua Branson; +Cc: 31814
Joshua Branson <jbranso@fastmail.com> writes:
> Clément Lassieur <clement@lassieur.org> writes:
>
>> Hi,
>>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> I'm probably being really silly, but shouldn't it still work? I mean
> ~/.guix-profile/bin is still in your path right?
Yes, but ~/.guix-profile/bin/ping (which is the one being chosen)
doesn't have the setuid flag, so it doesn't work.
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-13 15:06 ` Clément Lassieur
@ 2018-06-14 14:01 ` Joshua Branson
0 siblings, 0 replies; 12+ messages in thread
From: Joshua Branson @ 2018-06-14 14:01 UTC (permalink / raw)
To: 31814
Clément Lassieur <clement@lassieur.org> writes:
> Joshua Branson <jbranso@fastmail.com> writes:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>> Hi,
>>>
>>> sourcing /etc/profile
>>>
>>> - prepends /run/setuid-programs to $PATH
>>> - then sources $HOME/.guix-profile/etc/profile
>>>
>>> and sourcing $HOME/.guix-profile/etc/profile
>>>
>>> - prepends $HOME/.guix-profile/bin to $PATH
>>> - prepends $HOME/.guix-profile/sbin to $PATH
>>>
>>> so in the end, $PATH looks like:
>>>
>>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>>
>>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>>> it unusable.
>>
>> I'm probably being really silly, but shouldn't it still work? I mean
>> ~/.guix-profile/bin is still in your path right?
>
> Yes, but ~/.guix-profile/bin/ping (which is the one being chosen)
> doesn't have the setuid flag, so it doesn't work.
Oh. I didn't realize that the ping command was a setuid program. Cool.
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-13 14:32 bug#31814: setuid programs are not first in PATH Clément Lassieur
2018-06-13 15:05 ` Joshua Branson
@ 2018-06-16 9:35 ` Ricardo Wurmus
2018-06-16 22:35 ` Clément Lassieur
2018-06-17 21:07 ` Ludovic Courtès
2 siblings, 1 reply; 12+ messages in thread
From: Ricardo Wurmus @ 2018-06-16 9:35 UTC (permalink / raw)
To: Clément Lassieur; +Cc: 31814
Clément Lassieur <clement@lassieur.org> writes:
> Hi,
>
> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.
What package in your profile provides “ping”?
--
Ricardo
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-16 9:35 ` Ricardo Wurmus
@ 2018-06-16 22:35 ` Clément Lassieur
0 siblings, 0 replies; 12+ messages in thread
From: Clément Lassieur @ 2018-06-16 22:35 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: 31814
Ricardo Wurmus <rekado@elephly.net> writes:
> What package in your profile provides “ping”?
inetutils
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-13 14:32 bug#31814: setuid programs are not first in PATH Clément Lassieur
2018-06-13 15:05 ` Joshua Branson
2018-06-16 9:35 ` Ricardo Wurmus
@ 2018-06-17 21:07 ` Ludovic Courtès
2018-06-18 6:16 ` Clément Lassieur
2018-06-18 13:40 ` Marius Bakke
2 siblings, 2 replies; 12+ messages in thread
From: Ludovic Courtès @ 2018-06-17 21:07 UTC (permalink / raw)
To: Clément Lassieur; +Cc: 31814
Hello Clément,
Clément Lassieur <clement@lassieur.org> writes:
> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.
AFAICS this is not a regression, but it can be fixed this way:
diff --git a/gnu/system.scm b/gnu/system.scm
index 7cb12a827..d367307a2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -616,9 +616,6 @@ unset PATH
GUIX_PROFILE=/run/current-system/profile ; \\
. /run/current-system/profile/etc/profile
-# Prepend setuid programs.
-export PATH=/run/setuid-programs:$PATH
-
# Since 'lshd' does not use pam_env, /etc/environment must be explicitly
# loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>.
# We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before
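Review bot: Removing the export at this point (the two '-' lines just ahead of the /etc/environment comment) means everything between here and the place where the export is re-added now runs without /run/setuid-programs on PATH. The context comment says PATH is needed at this spot for 'cat' and 'cut', which do not come from the setuid directory, so the visible lines are fine; it is still worth confirming that nothing in the lines between the two hunks calls a setuid program by bare name.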
@@ -645,6 +642,9 @@ do
fi
done
+# Prepend setuid programs.
+export PATH=/run/setuid-programs:$PATH
+
# Arrange so that ~/.config/guix/current/share/info comes first.
export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
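Review bot: The comment on the re-added export after 'done', "# Prepend setuid programs.", does not say why the export has to sit this late, and that ordering is the whole fix. Suggest stating the invariant in the comment, for example "Prepend setuid programs last so they take precedence over same-named programs added to PATH above", so that a later reshuffle of this file does not silently reintroduce the bug. Anything that prepends to PATH after this line would shadow /run/setuid-programs again; the trailing context only touches INFOPATH, which is fine.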
In the example you give (inetutils), I suppose users want
/run/setuid-programs/ping to come first. I wonder if there are
situations where the current behavior is desirable; maybe not.
Thoughts?
Thanks,
Ludo’.
^ permalink raw reply related [flat|nested] 12+ messages in thread
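The lookup-order problem discussed in this thread, as an added example (not code from Guix or from any participant): a POSIX shell check that lists which programs in a setuid directory are shadowed by earlier PATH entries, run against the order from the report and the order after the patch. The temporary directory tree and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration. The tree built below is a constructed stand-in for
# /run/setuid-programs and ~/.guix-profile/bin; no real system path is touched.

# first_in_path NAME PATH_VALUE: print the first executable file called NAME
# found walking PATH_VALUE left to right, as the shell's command lookup does.
first_in_path() {
    fp_rest=$2:
    while [ -n "$fp_rest" ]; do
        fp_dir=${fp_rest%%:*}; fp_rest=${fp_rest#*:}
        fp_file=${fp_dir:-.}/$1          # an empty PATH entry means "."
        if [ -f "$fp_file" ] && [ -x "$fp_file" ]; then
            printf '%s\n' "$fp_file"; return 0
        fi
    done
    return 1
}

# shadowed_setuid SETUID_DIR PATH_VALUE: for each program in SETUID_DIR that
# PATH_VALUE resolves to some other file, print "name -> winner [note]".
shadowed_setuid() {
    for ss_prog in "$1"/*; do
        [ -f "$ss_prog" ] || continue
        ss_win=$(first_in_path "${ss_prog##*/}" "$2") || ss_win='(not found)'
        [ "$ss_win" = "$ss_prog" ] && continue
        if [ -u "$ss_win" ]; then ss_note='setuid'; else ss_note='not setuid'; fi
        printf '%s -> %s [%s]\n' "${ss_prog##*/}" "$ss_win" "$ss_note"
    done
}

# make_demo_tree: create the constructed tree (ping in both directories, su
# only in the setuid directory) and print the path of its root.
make_demo_tree() {
    mt_root=$(mktemp -d) || return 1
    mkdir -p "$mt_root/setuid-programs" "$mt_root/guix-profile/bin"
    for mt_f in setuid-programs/ping setuid-programs/su guix-profile/bin/ping; do
        printf '#!/bin/sh\n' > "$mt_root/$mt_f" && chmod 755 "$mt_root/$mt_f"
    done
    printf '%s\n' "$mt_root"
}

root=$(make_demo_tree)
before=$root/guix-profile/bin:$root/setuid-programs   # order from the report
after=$root/setuid-programs:$root/guix-profile/bin    # order after the patch
echo "before: $(shadowed_setuid "$root/setuid-programs" "$before")"
echo "after:  $(shadowed_setuid "$root/setuid-programs" "$after")"
rm -rf "$root"
```

On a real system the same function can be called with the actual setuid directory and "$PATH" to audit a login shell's environment.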
* bug#31814: setuid programs are not first in PATH
2018-06-17 21:07 ` Ludovic Courtès
@ 2018-06-18 6:16 ` Clément Lassieur
2018-06-19 9:29 ` Ludovic Courtès
2018-06-18 13:40 ` Marius Bakke
1 sibling, 1 reply; 12+ messages in thread
From: Clément Lassieur @ 2018-06-18 6:16 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 31814
Hello Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Hello Clément,
>
> Clément Lassieur <clement@lassieur.org> writes:
>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> AFAICS this is not a regression, but it can be fixed this way:
No it's not a regression. I've had the fix locally for a long time.
> diff --git a/gnu/system.scm b/gnu/system.scm
> index 7cb12a827..d367307a2 100644
> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -616,9 +616,6 @@ unset PATH
> GUIX_PROFILE=/run/current-system/profile ; \\
> . /run/current-system/profile/etc/profile
>
> -# Prepend setuid programs.
> -export PATH=/run/setuid-programs:$PATH
> -
> # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
> # loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>.
> # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before
> @@ -645,6 +642,9 @@ do
> fi
> done
>
> +# Prepend setuid programs.
> +export PATH=/run/setuid-programs:$PATH
> +
> # Arrange so that ~/.config/guix/current/share/info comes first.
> export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
Yes this sounds good.
> In the example you give (inetutils), I suppose users want
> /run/setuid-programs/ping to come first. I wonder if there are
> situations where the current behavior is desirable; maybe not.
>
> Thoughts?
I can't think of any situations where the current behavior is desirable.
Thank you,
Clément
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-17 21:07 ` Ludovic Courtès
2018-06-18 6:16 ` Clément Lassieur
@ 2018-06-18 13:40 ` Marius Bakke
1 sibling, 0 replies; 12+ messages in thread
From: Marius Bakke @ 2018-06-18 13:40 UTC (permalink / raw)
To: Ludovic Courtès, Clément Lassieur; +Cc: 31814
ludo@gnu.org (Ludovic Courtès) writes:
> In the example you give (inetutils), I suppose users want
> /run/setuid-programs/ping to come first. I wonder if there are
> situations where the current behavior is desirable; maybe not.
The only cases I can think of involve 'sudo'.
But it's easier to work around that, than the other way around.
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-18 6:16 ` Clément Lassieur
@ 2018-06-19 9:29 ` Ludovic Courtès
2018-06-19 10:26 ` Clément Lassieur
0 siblings, 1 reply; 12+ messages in thread
From: Ludovic Courtès @ 2018-06-19 9:29 UTC (permalink / raw)
To: Clément Lassieur; +Cc: 31814-done
Hello,
Clément Lassieur <clement@lassieur.org> writes:
> Ludovic Courtès <ludo@gnu.org> writes:
[...]
>> diff --git a/gnu/system.scm b/gnu/system.scm
>> index 7cb12a827..d367307a2 100644
>> --- a/gnu/system.scm
>> +++ b/gnu/system.scm
>> @@ -616,9 +616,6 @@ unset PATH
>> GUIX_PROFILE=/run/current-system/profile ; \\
>> . /run/current-system/profile/etc/profile
>>
>> -# Prepend setuid programs.
>> -export PATH=/run/setuid-programs:$PATH
>> -
>> # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
>> # loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>.
>> # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before
>> @@ -645,6 +642,9 @@ do
>> fi
>> done
>>
>> +# Prepend setuid programs.
>> +export PATH=/run/setuid-programs:$PATH
>> +
>> # Arrange so that ~/.config/guix/current/share/info comes first.
>> export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
>
> Yes this sounds good.
Pushed as a854525a34c42622a3945ffeb36781ae48a8267e.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#31814: setuid programs are not first in PATH
2018-06-19 9:29 ` Ludovic Courtès
@ 2018-06-19 10:26 ` Clément Lassieur
0 siblings, 0 replies; 12+ messages in thread
From: Clément Lassieur @ 2018-06-19 10:26 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 31814-done
Ludovic Courtès <ludo@gnu.org> writes:
> Hello,
>
> Clément Lassieur <clement@lassieur.org> writes:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> diff --git a/gnu/system.scm b/gnu/system.scm
>>> index 7cb12a827..d367307a2 100644
>>> --- a/gnu/system.scm
>>> +++ b/gnu/system.scm
>>> @@ -616,9 +616,6 @@ unset PATH
>>> GUIX_PROFILE=/run/current-system/profile ; \\
>>> . /run/current-system/profile/etc/profile
>>>
>>> -# Prepend setuid programs.
>>> -export PATH=/run/setuid-programs:$PATH
>>> -
>>> # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
>>> # loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>.
>>> # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before
>>> @@ -645,6 +642,9 @@ do
>>> fi
>>> done
>>>
>>> +# Prepend setuid programs.
>>> +export PATH=/run/setuid-programs:$PATH
>>> +
>>> # Arrange so that ~/.config/guix/current/share/info comes first.
>>> export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
>>
>> Yes this sounds good.
>
> Pushed as a854525a34c42622a3945ffeb36781ae48a8267e.
Thank you!
Clément
^ permalink raw reply [flat|nested] 12+ messages in thread
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git