bug#31814: setuid programs are not first in PATH

2018-06-19 Thread Clément Lassieur
Ludovic Courtès  writes:

> Hello,
>
> Clément Lassieur  writes:
>
>> Ludovic Courtès  writes:
>
> [...]
>
>>> diff --git a/gnu/system.scm b/gnu/system.scm
>>> index 7cb12a827..d367307a2 100644
>>> --- a/gnu/system.scm
>>> +++ b/gnu/system.scm
>>> @@ -616,9 +616,6 @@ unset PATH
>>>  GUIX_PROFILE=/run/current-system/profile ; \\
>>>  . /run/current-system/profile/etc/profile
>>>  
>>> -# Prepend setuid programs.
>>> -export PATH=/run/setuid-programs:$PATH
>>> -
>>>  # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
>>>  # loaded when someone logs in via SSH.  See .
>>>  # We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
>>> @@ -645,6 +642,9 @@ do
>>>fi
>>>  done
>>>  
>>> +# Prepend setuid programs.
>>> +export PATH=/run/setuid-programs:$PATH
>>> +
>>>  # Arrange so that ~/.config/guix/current/share/info comes first.
>>>  export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
>>
>> Yes this sounds good.
>
> Pushed as a854525a34c42622a3945ffeb36781ae48a8267e.

Thank you!

Clément





bug#31814: setuid programs are not first in PATH

2018-06-19 Thread Ludovic Courtès
Hello,

Clément Lassieur  writes:

> Ludovic Courtès  writes:

[...]

>> diff --git a/gnu/system.scm b/gnu/system.scm
>> index 7cb12a827..d367307a2 100644
>> --- a/gnu/system.scm
>> +++ b/gnu/system.scm
>> @@ -616,9 +616,6 @@ unset PATH
>>  GUIX_PROFILE=/run/current-system/profile ; \\
>>  . /run/current-system/profile/etc/profile
>>  
>> -# Prepend setuid programs.
>> -export PATH=/run/setuid-programs:$PATH
>> -
>>  # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
>>  # loaded when someone logs in via SSH.  See .
>>  # We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
>> @@ -645,6 +642,9 @@ do
>>fi
>>  done
>>  
>> +# Prepend setuid programs.
>> +export PATH=/run/setuid-programs:$PATH
>> +
>>  # Arrange so that ~/.config/guix/current/share/info comes first.
>>  export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
>
> Yes this sounds good.

Pushed as a854525a34c42622a3945ffeb36781ae48a8267e.

Thanks,
Ludo’.





bug#31814: setuid programs are not first in PATH

2018-06-18 Thread Marius Bakke
l...@gnu.org (Ludovic Courtès) writes:

> In the example you give (inetutils), I suppose users want
> /run/setuid-programs/ping to come first.  I wonder if there are
> situations where the current behavior is desirable; maybe not.

The only cases I can think of involve 'sudo'.

But it's easier to work around that, than the other way around.




bug#31814: setuid programs are not first in PATH

2018-06-17 Thread Clément Lassieur
Hello Ludovic,

Ludovic Courtès  writes:

> Hello Clément,
>
> Clément Lassieur  writes:
>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> AFAICS this is not a regression, but it can be fixed this way:

No it's not a regression.  I've had the fix locally for a long time.

> diff --git a/gnu/system.scm b/gnu/system.scm
> index 7cb12a827..d367307a2 100644
> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -616,9 +616,6 @@ unset PATH
>  GUIX_PROFILE=/run/current-system/profile ; \\
>  . /run/current-system/profile/etc/profile
>  
> -# Prepend setuid programs.
> -export PATH=/run/setuid-programs:$PATH
> -
>  # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
>  # loaded when someone logs in via SSH.  See .
>  # We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
> @@ -645,6 +642,9 @@ do
>fi
>  done
>  
> +# Prepend setuid programs.
> +export PATH=/run/setuid-programs:$PATH
> +
>  # Arrange so that ~/.config/guix/current/share/info comes first.
>  export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"

Yes this sounds good.

> In the example you give (inetutils), I suppose users want
> /run/setuid-programs/ping to come first.  I wonder if there are
> situations where the current behavior is desirable; maybe not.
>
> Thoughts?

I can't think of any situations where the current behavior is desirable.

Thank you,
Clément





bug#31814: setuid programs are not first in PATH

2018-06-17 Thread Ludovic Courtès
Hello Clément,

Clément Lassieur  writes:

> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.

AFAICS this is not a regression, but it can be fixed this way:

diff --git a/gnu/system.scm b/gnu/system.scm
index 7cb12a827..d367307a2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -616,9 +616,6 @@ unset PATH
 GUIX_PROFILE=/run/current-system/profile ; \\
 . /run/current-system/profile/etc/profile
 
-# Prepend setuid programs.
-export PATH=/run/setuid-programs:$PATH
-
 # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
 # loaded when someone logs in via SSH.  See .
 # We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
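Review bot: removing the export here leaves /run/setuid-programs out of PATH for everything between this point and the re-added export after the `done` in the next hunk. The context comment only names 'cat' and 'cut' as needed for the /etc/environment handling, so this looks safe, but please confirm that nothing in the intervening block calls a setuid program by bare name.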
@@ -645,6 +642,9 @@ do
   fi
 done
 
+# Prepend setuid programs.
+export PATH=/run/setuid-programs:$PATH
+
 # Arrange so that ~/.config/guix/current/share/info comes first.
 export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
 
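Review bot: the re-added comment "# Prepend setuid programs." does not say why the export has to sit after the `done`, and the placement is the entire fix. Suggest spelling out the ordering constraint, for example "# Prepend setuid programs last, so that they take precedence over same-named programs from the profiles sourced above." Without that, a later reshuffle of this file can silently reintroduce the bug.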

In the example you give (inetutils), I suppose users want
/run/setuid-programs/ping to come first.  I wonder if there are
situations where the current behavior is desirable; maybe not.

Thoughts?

Thanks,
Ludo’.


bug#31814: setuid programs are not first in PATH

2018-06-16 Thread Clément Lassieur
Ricardo Wurmus  writes:

> What package in your profile provides “ping”?

inetutils





bug#31814: setuid programs are not first in PATH

2018-06-16 Thread Ricardo Wurmus


Clément Lassieur  writes:

> Hi,
>
> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.

What package in your profile provides “ping”?

-- 
Ricardo






bug#31814: setuid programs are not first in PATH

2018-06-14 Thread Joshua Branson
Clément Lassieur  writes:

> Joshua Branson  writes:
>
>> Clément Lassieur  writes:
>>
>>> Hi,
>>>
>>> sourcing /etc/profile
>>>
>>> - prepends /run/setuid-programs to $PATH
>>> - then sources $HOME/.guix-profile/etc/profile
>>>
>>> and sourcing $HOME/.guix-profile/etc/profile
>>>
>>> - prepends $HOME/.guix-profile/bin to $PATH
>>> - prepends $HOME/.guix-profile/sbin to $PATH
>>>
>>> so in the end, $PATH looks like:
>>>
>>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>>
>>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>>> it unusable.
>>
>> I'm probably being really silly, but shouldn't it still work?  I mean
>> ~/.guix-profile/bin is still in your path right?
>
> Yes, but ~/.guix-profile/bin/ping (which is the one being chosen)
> doesn't have the setuid flag, so it doesn't work.

Oh.  I didn't realize that the ping command was a setuid program.  cool.





bug#31814: setuid programs are not first in PATH

2018-06-13 Thread Clément Lassieur
Joshua Branson  writes:

> Clément Lassieur  writes:
>
>> Hi,
>>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> I'm probably being really silly, but shouldn't it still work?  I mean
> ~/.guix-profile/bin is still in your path right?

Yes, but ~/.guix-profile/bin/ping (which is the one being chosen)
doesn't have the setuid flag, so it doesn't work.





bug#31814: setuid programs are not first in PATH

2018-06-13 Thread Julien Lepiller

On 2018-06-13 17:05, Joshua Branson wrote:

> Clément Lassieur  writes:
>
>> Hi,
>>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> I'm probably being really silly, but shouldn't it still work?  I mean
> ~/.guix-profile/bin is still in your path right?

The ping from ~/.guix-profile/bin is not setuid, contrary to the ping in
/run/setuid-programs. This is necessary for users to run ping.

>> Clément






bug#31814: setuid programs are not first in PATH

2018-06-13 Thread Joshua Branson
Clément Lassieur  writes:

> Hi,
>
> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.

I'm probably being really silly, but shouldn't it still work?  I mean
~/.guix-profile/bin is still in your path right?

>
> Clément





bug#31814: setuid programs are not first in PATH

2018-06-13 Thread Clément Lassieur
Hi,

sourcing /etc/profile

- prepends /run/setuid-programs to $PATH
- then sources $HOME/.guix-profile/etc/profile

and sourcing $HOME/.guix-profile/etc/profile

- prepends $HOME/.guix-profile/bin to $PATH
- prepends $HOME/.guix-profile/sbin to $PATH

so in the end, $PATH looks like:

~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...

and a command like 'ping' is found in ~/.guix-profile/bin, which makes
it unusable.

Clément
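
The lookup order described in the report above can be checked mechanically. The following is an added example, not part of the original thread or of Guix: it lists every program in the setuid directory that a PATH lookup would resolve to a different directory first. The function names and the fixture tree are assumptions made for illustration, and the fixture files are constructed stand-ins that carry no setuid bit.

```shell
#!/bin/sh
# Added example: report setuid wrappers that lose the PATH lookup.

# shadowed_setuid SETUID_DIR PATH_STRING
# For each executable in SETUID_DIR, walk PATH_STRING in order (as command
# lookup does) and print "name<TAB>winning-file" when the first match lives
# in some other directory.  The body is a subshell so that the IFS and
# noglob changes stay local.  Directories are compared as strings, so
# SETUID_DIR must be spelled the same way as its PATH entry.
shadowed_setuid() (
    setuid_dir=$1
    search_path=$2
    for wrapper in "$setuid_dir"/*; do
        [ -f "$wrapper" ] && [ -x "$wrapper" ] || continue
        name=${wrapper##*/}
        IFS=:
        set -f                      # no globbing while splitting PATH
        for dir in $search_path; do
            dir=${dir:-.}           # empty PATH entry means current directory
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                [ "$dir" = "$setuid_dir" ] || printf '%s\t%s\n' "$name" "$dir/$name"
                break               # first match wins, as in the shell
            fi
        done
        set +f
    done
)

# make_fixture ROOT
# Constructed stand-in tree (not the real system): a wrapper directory and
# a user profile that both provide "ping", plus an unrelated "ls".
make_fixture() {
    mkdir -p "$1/run/setuid-programs" "$1/profile/bin" "$1/system/bin"
    for f in "$1/run/setuid-programs/ping" "$1/profile/bin/ping" "$1/system/bin/ls"; do
        printf '#!/bin/sh\n' > "$f" && chmod +x "$f"
    done
}

# On a system that has the directory, check the live PATH.
if [ -d /run/setuid-programs ]; then
    shadowed_setuid /run/setuid-programs "$PATH"
fi
```

No output means every program in the setuid directory wins its lookup; a line such as `ping<TAB>.../profile/bin/ping` is the situation reported in this bug.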