From: Felix Lechner via "Development of GNU Guix and the GNU System distribution."
Reply-to: Felix Lechner
To: Saku Laesvuori
Cc: Josselin Poiret, Guix Devel
Subject: Re: Setuid handling?
Date: Tue, 16 May 2023 21:37:00 -0700
References: <87354otagp.fsf@jpoiret.xyz> <87wn20rn0s.fsf@jpoiret.xyz> <20230425170422.66rd4ro4gblngbc7@X-kone>
In-Reply-To: <20230425170422.66rd4ro4gblngbc7@X-kone>

Hi everyone,

On Tue, Apr 25, 2023 at 10:04 AM Saku Laesvuori wrote:
>
> Maybe you could remove the packages with setuid-programs from your home
> configuration, but really this seems like a bug in guix home to me.

Maybe so, but it did not help that we ship an 'su' implementation that, according to the Heimdal maintainers, has been obsolete for five years. Their releases are based on a stable branch which means they rely on distributions to drop the executables. (Debian renames them [1] but they are useless without setuid root and may not meet the PAM policy of the local administrator.)

Here is a patch that removes the obsolete executables from Guix. [2] Perhaps someone with newly granted committer rights would like to have a look at it. Congratulations, also!

I switched to building Heimdal from Git since I was not sure if or when [3] our gnu-build-system runs autogen.sh or any invocation of autoreconf when a ./configure script is already present (in the tarball).

Kind regards
Felix

[1] https://sources.debian.org/src/heimdal/7.8.git20221117.28daf24%2Bdfsg-2/debian/rules/#L116
[2] https://issues.guix.gnu.org/63545
[3] https://github.com/guix-mirror/guix/blob/c8e599b9391f789a8a3e2183fc8f0c2a5061ceb0/gnu/packages/networking.scm#L3250-L3255