nckx pushed a commit to branch master
in repository guix.

commit 0dffb851e0feced94742ad024f245b925c503fa2
Author: Tobias Geerinckx-Rice <[email protected]>
AuthorDate: Sun Oct 23 02:00:00 2022 +0200

    system: Disallow file-like setuid-programs.
    
    It has been a warning for well over a year now.  Now, with
    privileged-programs coming, don't let's support nested deprecation
    hacks.
    
    * gnu/system.scm (<operating-system>):
    Don't ‘sanitize’ the setuid-programs field.
    (ensure-setuid-program-list): Delete syntax.
    (%ensure-setuid-program-list): Delete variable.
---
 gnu/system.scm | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index c76f4d7c50..5c18edd620 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -302,8 +302,7 @@ VERSION is the target version of the boot-parameters 
record."
   (pam-services operating-system-pam-services     ; list of PAM services
                 (default (base-pam-services)))
   (setuid-programs operating-system-setuid-programs
-                   (default %setuid-programs)     ; list of <setuid-program>
-                   (sanitize ensure-setuid-program-list))
+                   (default %setuid-programs))    ; list of <setuid-program>
 
   (sudoers-file operating-system-sudoers-file     ; file-like
                 (default %sudoers-specification))
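Review bot: With the `sanitize` clause dropped, the `setuid-programs` field stores whatever list it is given, so a leftover file-like entry is no longer rejected where the field is defined, even though the commit title says such entries are disallowed. Presumably it now fails later, wherever the elements are used as `<setuid-program>` records, with an error that does not point at the user's configuration. Because this list names the programs installed setuid-root, consider keeping a small sanitizer that checks each element with `setuid-program?` and raises an error at the field's source location instead of wrapping the value. The `<operating-system>` record definition starts and ends outside this hunk.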
@@ -1240,31 +1239,6 @@ use 'plain-file' instead~%")
     ;; when /etc/machine-id is missing.  Make sure these warnings are 
non-fatal.
     ("DBUS_FATAL_WARNINGS" . "0")))
 
-;; Ensure LST is a list of <setuid-program> records and warn otherwise.
-(define-with-syntax-properties (ensure-setuid-program-list (lst properties))
-  (%ensure-setuid-program-list lst properties))
-
-;; We want to be able to use defines, so define a procedure.
-(define (%ensure-setuid-program-list lst properties)
-  (define warned? #f)
-
-  (define (warn-once)
-    (unless warned?
-      (warning (source-properties->location properties)
-               (G_ "representing setuid programs with file-like objects is \
-deprecated; use 'setuid-program' instead~%"))
-      (set! warned? #t)))
-
-  (map (match-lambda
-         ((? setuid-program? program)
-          program)
-         (program
-          ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo
-          ;; "/bin/bar").
-          (warn-once)
-          (setuid-program (program program))))
-       lst))
-
 (define %setuid-programs
   ;; Default set of setuid-root programs.
   (let ((shadow (@ (gnu packages admin) shadow)))
