From: 路辉 <luhux76@gmail.com>
To: Josselin Poiret <dev@jpoiret.xyz>
Cc: 57881@debbugs.gnu.org
Subject: [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
Date: Fri, 23 Sep 2022 02:30:47 +0000 [thread overview]
Message-ID: <CAGNyvegPadnAu0nCixrXwtygj7snTRyiqh=BBS--rTRtgB0DQw@mail.gmail.com> (raw)
In-Reply-To: <87illk8n4f.fsf@jpoiret.xyz>
ok, I will take some time to fix it.
2022-09-18 20:05 GMT, Josselin Poiret <dev@jpoiret.xyz>:
> Hi,
>
> 路辉 <luhux76@gmail.com> writes:
>
>> hikari-unlocker need setuid and pam to work.
>>
>> if hikari exec a non-setuid hikari-unlocker, such as
>> "$HOME/.guix-profile/bin/hikari-unlocker", it will cause hikari's
>> lock-mode can't exit, only can press power button to exit it. :(
>>
>> https://hikari.acmelabs.space/manpage.html
>>
>> https://hub.darcs.net/raichoo/hikari/browse/src/lock_mode.c#71
>> From d1bedbc3c850cf0a60b182999c229079bad9cd99 Mon Sep 17 00:00:00 2001
>> From: Lu Hui <luhux76@gmail.com>
>> Date: Sat, 17 Sep 2022 20:10:34 +0800
>> Subject: [PATCH] gnu: hikari: only allow use setuid hikari-unlocker.
>>
>> * gnu/packages/wm.scm (hikari)
>> [phases]{force-use-setuid-unlocker}: replace "sh -c hikari-unlocker" to
>> "/run/setuid-programs/hikari-unlocker"
>
> On Guix system, /run/setuid-programs/ should be in front of whatever
> profiles you're using in your PATH, otherwise it will be shadowed by
> them. With the default profile loading code in /etc/profile, this
> should be what happens but there might be issues with any non-default
> setup (ie. package not installed in the ~/.guix-profile/).
>
> To be honest, I'm not happy with hardcoding
> /run/setuid-programs/hikari-unlocker, since it won't work on foreign
> distros.
>
> Shouldn't we rather report this issue upstream? I'm under the
> impression that the locker should detect that it isn't running suid and
> not try to query PAM if it isn't able to, and instead fail and display
> an error message or something similar.
>
> Best,
> --
> Josselin Poiret
>
prev parent reply other threads:[~2022-09-23 2:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-17 12:23 [bug#57881] [PATCH] gnu: hikari: only allow use setuid hikari-unlocker 路辉
2022-09-18 20:05 ` Josselin Poiret via Guix-patches via
2022-09-23 2:30 ` 路辉 [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGNyvegPadnAu0nCixrXwtygj7snTRyiqh=BBS--rTRtgB0DQw@mail.gmail.com' \
--to=luhux76@gmail.com \
--cc=57881@debbugs.gnu.org \
--cc=dev@jpoiret.xyz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.