[gentoo-dev] Re: News item: xorg-server dropping default suid

2020-06-22 Thread Piotr Karbowski
Title: xorg-server dropping default suid
Author: Piotr Karbowski 
Posted: 2020-06-22
Revision: 2
News-Item-Format: 2.0
Display-If-Installed: x11-base/xorg-server

Starting 2020-07-15, x11-base/xorg-server will default to using the
logind interface instead of suid by default. resulting in better
security by default through running the server as a regular user instead
of root. However, this will require our users to use a logind provider
such as elogind or systemd. The systemd users and those who are not
using systemd but use desktop profiles can stop reading here, as they
already have a logind provider enabled.

Others, who have neither systemd or desktop profiles enabled will be
required to globally enable 'elogind' USE flag and update the system

    # emerge --newuse @world

Afterwards, one will need to re-login, so the PAM can assign a seat. One
can confirm that a seat has been assigned upon login by running:

    $ loginctl user-status

Users who do not wish to use logind interface or have rare hardware that
does not use KMS and because of that, require root privileges to
operate, can manually re-enable 'suid' and disable 'elogind' USE flags
in order to preserve the previous behavior. However, please note that
this is heavily discouraged to run X server as root due to security
reasons. The 'suid' USE flag will remain as optional opt-in for the need
of legacy hardware.




signature.asc
Description: OpenPGP digital signature


Re: [gentoo-dev] [PATCH] unpacker.eclass: call BUILD_AR when unpacking deb files

2020-06-22 Thread Sergei Trofimovich
On Mon, 22 Jun 2020 11:10:55 -0400
Mike Gilbert  wrote:

> Closes: https://bugs.gentoo.org/722054
> Signed-off-by: Mike Gilbert 
> ---
>  eclass/unpacker.eclass | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/eclass/unpacker.eclass b/eclass/unpacker.eclass
> index 865e2e1a1a58..63aedee4480e 100644
> --- a/eclass/unpacker.eclass
> +++ b/eclass/unpacker.eclass
> @@ -17,6 +17,8 @@
>  if [[ -z ${_UNPACKER_ECLASS} ]]; then
>  _UNPACKER_ECLASS=1
>  
> +inherit toolchain-funcs
> +
>  # @ECLASS-VARIABLE: UNPACKER_BZ2
>  # @DEFAULT_UNSET
>  # @DESCRIPTION:
> @@ -279,8 +281,7 @@ unpack_deb() {
>   done
>   } < "${deb}"
>   else
> - local AR=${AR-ar}
> - ${AR} x "${deb}" || die
> + $(tc-getBUILD_AR) x "${deb}" || die
>   fi
>  
>   unpacker ./data.tar*
> -- 
> 2.27.0

Looks good!

-- 

  Sergei



Re: [gentoo-dev] Re: News item: xorg-server dropping default suid

2020-06-22 Thread Piotr Karbowski
Hi,

On 21/06/2020 22.27, Michał Górny wrote:
> No offense but it sounds a little chaotic to me.

Which is the reasons we do those reviews. Appreciate the suggestions,
just sent revision 2 as the response to the very first email in this
thread, please check how it looks now.

-- Piotr.



signature.asc
Description: OpenPGP digital signature


[gentoo-dev] Re: News item: xorg-server dropping default suid

2020-06-22 Thread Robin H. Johnson
On Sun, Jun 21, 2020 at 09:22:37PM +0200, Piotr Karbowski wrote:
> Hi,
> 
> Please find news item attached.
I feel that this news item should ALSO remind people that consolekit is
deprecated per a news item a few months ago:

News Item v3: Desktop profile switching USE default to elogind

xorg-server[elogind] forces sys-auth/pambase[elogind]
and users who previously had USE='-systemd -elogind' probably have
USE=consolekit set.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136


signature.asc
Description: PGP signature


Re: [gentoo-portage-dev] [PATCH 2/2] Support PORTAGE_LOG_FILTER_FILE_CMD (bug 709746)

2020-06-22 Thread Zac Medico
On 6/22/20 7:46 AM, Brian Dolbec wrote:
> 
> That's a lot of code...but I couldn't spot anything wrong, so looks good

Thanks, merged:

https://gitweb.gentoo.org/proj/portage.git/commit/?id=dd69ce742c62b9515cf7ae37e46bcf7f178777db
-- 
Thanks,
Zac



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-dev] Re: News item: xorg-server dropping default suid

2020-06-22 Thread Piotr Karbowski
Hi,

On 22/06/2020 06.03, Philip Webb wrote:
[...]
> I don't want to use 'systemd', as I want to run a traditional UNIX version
> of Linux + KDE (or Fluxbox) for a simple single-user desktop system.

Then... don't use systemd? I officially give you my approval for that.
Read what you quoted in your email, elogind is standalone package.

The elogind does work normally in the configuration with OpenRC and startx.

> So i ask again : Why is running 'xorg-server' as root "heavily discouraged" ?
It's common sense to run software with the least privileges they
require, so if new attack vector is discovered, perhaps there will be no
escalation surface to make use of it.

-- Piotr.



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-dev] Re: News item: xorg-server dropping default suid

2020-06-22 Thread Philip Webb
200622 Piotr Karbowski wrote:
> On 22/06/2020 06.03, Philip Webb wrote:
> [...]
>> I don't want to use 'systemd', as I want to run a traditional UNIX version
>> of Linux + KDE (or Fluxbox) for a simple single-user desktop system.
> Then... don't use systemd !  I officially give you my approval for that.
> Read what you quoted in your email, elogind is standalone package.
> Elogind does work normally in the configuration with OpenRC and startx.

Ah, it cb used with 'startx', which is vital for me.

>> So again : Why is running 'xorg-server' as root "heavily discouraged" ?
> It's common sense to run software with the least privileges they require,
> so if new attack vector is discovered,
> perhaps there will be no escalation surface to make use of it.

OK, understood.  It doesn't look as if there's any genuine danger
in continuing to use 'xorg-server' with 'suid' on my single-user system,
but if it really is as straightforward to use 'elogind' instead,
I may decide to change to that method for the reason you offer.

Thanks for your explanation & to all the devs for their unpaid labors.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatcadotinterdotnet




Re: [gentoo-portage-dev] [PATCH 1/2] PipeLogger: non-blocking write to pipe (bug 709746)

2020-06-22 Thread Brian Dolbec
On Fri, 19 Jun 2020 13:39:18 -0700
Zac Medico  wrote:

> Add support to write to a non-blocking pipe instead of a
> log file. This is needed for the purposes of bug 709746,
> where PipeLogger will write to a pipe that is drained
> by anoher PipeLogger instance which is running in the same
> process.
> 
> Bug: https://bugs.gentoo.org/709746
> Signed-off-by: Zac Medico 
> ---
>  lib/portage/tests/process/test_PipeLogger.py | 58 
>  lib/portage/util/_async/PipeLogger.py| 73
> +++- 2 files changed, 115 insertions(+), 16
> deletions(-) create mode 100644
> lib/portage/tests/process/test_PipeLogger.py
> 
> diff --git a/lib/portage/tests/process/test_PipeLogger.py
> b/lib/portage/tests/process/test_PipeLogger.py new file mode 100644
> index 0..2bd94cf39
> --- /dev/null
> +++ b/lib/portage/tests/process/test_PipeLogger.py
> @@ -0,0 +1,58 @@
> +# Copyright 2020 Gentoo Authors
> +# Distributed under the terms of the GNU General Public License v2
> +
> +from portage import os
> +from portage.tests import TestCase
> +from portage.util._async.PipeLogger import PipeLogger
> +from portage.util.futures import asyncio
> +from portage.util.futures._asyncio.streams import _reader, _writer
> +from portage.util.futures.compat_coroutine import coroutine,
> coroutine_return +from portage.util.futures.unix_events import
> _set_nonblocking +
> +
> +class PipeLoggerTestCase(TestCase):
> +
> + @coroutine
> + def _testPipeLoggerToPipe(self, test_string, loop=None):
> + """
> + Test PipeLogger writing to a pipe connected to a
> PipeReader.
> + This verifies that PipeLogger does not deadlock when
> writing
> + to a pipe that's drained by a PipeReader running in
> the same
> + process (requires non-blocking write).
> + """
> +
> + input_fd, writer_pipe = os.pipe()
> + _set_nonblocking(writer_pipe)
> + writer_pipe = os.fdopen(writer_pipe, 'wb', 0)
> + writer = asyncio.ensure_future(_writer(writer_pipe,
> test_string.encode('ascii'), loop=loop), loop=loop)
> + writer.add_done_callback(lambda writer:
> writer_pipe.close()) +
> + pr, pw = os.pipe()
> +
> + consumer = PipeLogger(background=True,
> + input_fd=input_fd,
> + log_file_path=os.fdopen(pw, 'wb', 0),
> + scheduler=loop)
> + consumer.start()
> +
> + # Before starting the reader, wait here for a
> moment, in order
> + # to exercise PipeLogger's handling of EAGAIN during
> write.
> + yield asyncio.wait([writer], timeout=0.01)
> +
> + reader = _reader(pr, loop=loop)
> + yield writer
> + content = yield reader
> + yield consumer.async_wait()
> +
> + self.assertEqual(consumer.returncode, os.EX_OK)
> +
> + coroutine_return(content.decode('ascii', 'replace'))
> +
> + def testPipeLogger(self):
> + loop = asyncio._wrap_loop()
> +
> + for x in (1, 2, 5, 6, 7, 8, 2**5, 2**10, 2**12,
> 2**13, 2**14, 2**17, 2**17 + 1):
> + test_string = x * "a"
> + output =
> loop.run_until_complete(self._testPipeLoggerToPipe(test_string,
> loop=loop))
> + self.assertEqual(test_string, output,
> + "x = %s, len(output) = %s" % (x,
> len(output))) diff --git a/lib/portage/util/_async/PipeLogger.py
> b/lib/portage/util/_async/PipeLogger.py index a4258f350..ce8afb846
> 100644 --- a/lib/portage/util/_async/PipeLogger.py
> +++ b/lib/portage/util/_async/PipeLogger.py
> @@ -8,6 +8,10 @@ import sys
>  
>  import portage
>  from portage import os, _encodings, _unicode_encode
> +from portage.util.futures import asyncio
> +from portage.util.futures._asyncio.streams import _writer
> +from portage.util.futures.compat_coroutine import coroutine
> +from portage.util.futures.unix_events import _set_nonblocking
>  from _emerge.AbstractPollTask import AbstractPollTask
>  
>  class PipeLogger(AbstractPollTask):
> @@ -21,13 +25,16 @@ class PipeLogger(AbstractPollTask):
>   """
>  
>   __slots__ = ("input_fd", "log_file_path", "stdout_fd") + \
> - ("_log_file", "_log_file_real")
> + ("_io_loop_task", "_log_file", "_log_file_nb",
> "_log_file_real") 
>   def _start(self):
>  
>   log_file_path = self.log_file_path
> - if log_file_path is not None:
> -
> + if hasattr(log_file_path, 'write'):
> + self._log_file_nb = True
> + self._log_file = log_file_path
> + _set_nonblocking(self._log_file.fileno())
> + elif log_file_path is not None:
>   self._log_file =
> open(_unicode_encode(log_file_path, encoding=_encodings['fs'],
> errors='strict'), mode='ab') if 

Re: [gentoo-portage-dev] [PATCH 2/2] Support PORTAGE_LOG_FILTER_FILE_CMD (bug 709746)

2020-06-22 Thread Brian Dolbec
On Fri, 19 Jun 2020 13:39:19 -0700
Zac Medico  wrote:

> This variable specifies a command that filters build log output to a
> log file. The plan is to extend this to support a separate filter for
> tty output in the future.
> 
> In order to enable the EbuildPhase class to write elog messages to
> the build log with PORTAGE_LOG_FILTER_FILE_CMD support, convert its
> _elog method to a coroutine, and add a SchedulerInterface async_output
> method for it to use.
> 
> Use a new BuildLogger class to manage log output (with or without a
> filter command), with compression support provided by PipeLogger.
> BuildLogger has a stdin property which provides access to a writable
> binary file stream (refers to a pipe) that log content is written to.
> 
> Bug: https://bugs.gentoo.org/709746
> Signed-off-by: Zac Medico 
> ---
>  lib/_emerge/AbstractEbuildProcess.py  |   3 +-
>  lib/_emerge/BinpkgFetcher.py  |   3 +-
>  lib/_emerge/EbuildFetcher.py  |   3 +-
>  lib/_emerge/EbuildPhase.py|  47 ++--
>  lib/_emerge/SpawnProcess.py   |  58 +++---
>  lib/portage/dbapi/_MergeProcess.py|   3 +-
>  .../ebuild/_config/special_env_vars.py|   8 +-
>  lib/portage/util/_async/BuildLogger.py| 109
> ++ lib/portage/util/_async/SchedulerInterface.py |
> 32 - man/make.conf.5   |   7 +-
>  10 files changed, 243 insertions(+), 30 deletions(-)
>  create mode 100644 lib/portage/util/_async/BuildLogger.py
> 
> diff --git a/lib/_emerge/AbstractEbuildProcess.py
> b/lib/_emerge/AbstractEbuildProcess.py index 1c1955cfe..ae1aae55f
> 100644 --- a/lib/_emerge/AbstractEbuildProcess.py
> +++ b/lib/_emerge/AbstractEbuildProcess.py
> @@ -1,4 +1,4 @@
> -# Copyright 1999-2019 Gentoo Foundation
> +# Copyright 1999-2020 Gentoo Authors
>  # Distributed under the terms of the GNU General Public License v2
>  
>  import errno
> @@ -196,6 +196,7 @@ class AbstractEbuildProcess(SpawnProcess):
>   null_fd = os.open('/dev/null', os.O_RDONLY)
>   self.fd_pipes[0] = null_fd
>  
> + self.log_filter_file =
> self.settings.get('PORTAGE_LOG_FILTER_FILE_CMD') try:
>   SpawnProcess._start(self)
>   finally:
> diff --git a/lib/_emerge/BinpkgFetcher.py
> b/lib/_emerge/BinpkgFetcher.py index 36d027de3..2e5861cc1 100644
> --- a/lib/_emerge/BinpkgFetcher.py
> +++ b/lib/_emerge/BinpkgFetcher.py
> @@ -1,4 +1,4 @@
> -# Copyright 1999-2018 Gentoo Foundation
> +# Copyright 1999-2020 Gentoo Authors
>  # Distributed under the terms of the GNU General Public License v2
>  
>  import functools
> @@ -158,6 +158,7 @@ class _BinpkgFetcherProcess(SpawnProcess):
>   self.env = fetch_env
>   if settings.selinux_enabled():
>   self._selinux_type =
> settings["PORTAGE_FETCH_T"]
> + self.log_filter_file =
> settings.get('PORTAGE_LOG_FILTER_FILE_CMD') SpawnProcess._start(self)
>  
>   def _pipe(self, fd_pipes):
> diff --git a/lib/_emerge/EbuildFetcher.py
> b/lib/_emerge/EbuildFetcher.py index 1e40994fb..55349c33c 100644
> --- a/lib/_emerge/EbuildFetcher.py
> +++ b/lib/_emerge/EbuildFetcher.py
> @@ -1,4 +1,4 @@
> -# Copyright 1999-2018 Gentoo Foundation
> +# Copyright 1999-2020 Gentoo Authors
>  # Distributed under the terms of the GNU General Public License v2
>  
>  import copy
> @@ -225,6 +225,7 @@ class _EbuildFetcherProcess(ForkProcess):
>   settings["NOCOLOR"] = nocolor
>  
>   self._settings = settings
> + self.log_filter_file =
> settings.get('PORTAGE_LOG_FILTER_FILE_CMD') ForkProcess._start(self)
>  
>   # Free settings now since it's no longer needed in
> diff --git a/lib/_emerge/EbuildPhase.py b/lib/_emerge/EbuildPhase.py
> index 477e0ba97..ddb3dc719 100644
> --- a/lib/_emerge/EbuildPhase.py
> +++ b/lib/_emerge/EbuildPhase.py
> @@ -26,6 +26,8 @@ from portage.package.ebuild.prepare_build_dirs
> import (_prepare_workdir, from portage.util.futures.compat_coroutine
> import coroutine from portage.util import writemsg
>  from portage.util._async.AsyncTaskFuture import AsyncTaskFuture
> +from portage.util._async.BuildLogger import BuildLogger
> +from portage.util.futures import asyncio
>  from portage.util.futures.executor.fork import ForkExecutor
>  
>  try:
> @@ -69,6 +71,11 @@ class EbuildPhase(CompositeTask):
>   _locked_phases = ("setup", "preinst", "postinst", "prerm",
> "postrm") 
>   def _start(self):
> + future = asyncio.ensure_future(self._async_start(),
> loop=self.scheduler)
> + self._start_task(AsyncTaskFuture(future=future),
> self._async_start_exit) +
> + @coroutine
> + def _async_start(self):
>  
>   need_builddir = self.phase not in
> EbuildProcess._phases_without_builddir 
> @@ -126,7 +133,7 @@ class EbuildPhase(CompositeTask):
>   # Force 

[gentoo-dev] [PATCH] unpacker.eclass: call BUILD_AR when unpacking deb files

2020-06-22 Thread Mike Gilbert
Closes: https://bugs.gentoo.org/722054
Signed-off-by: Mike Gilbert 
---
 eclass/unpacker.eclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/eclass/unpacker.eclass b/eclass/unpacker.eclass
index 865e2e1a1a58..63aedee4480e 100644
--- a/eclass/unpacker.eclass
+++ b/eclass/unpacker.eclass
@@ -17,6 +17,8 @@
 if [[ -z ${_UNPACKER_ECLASS} ]]; then
 _UNPACKER_ECLASS=1
 
+inherit toolchain-funcs
+
 # @ECLASS-VARIABLE: UNPACKER_BZ2
 # @DEFAULT_UNSET
 # @DESCRIPTION:
@@ -279,8 +281,7 @@ unpack_deb() {
done
} < "${deb}"
else
-   local AR=${AR-ar}
-   ${AR} x "${deb}" || die
+   $(tc-getBUILD_AR) x "${deb}" || die
fi
 
unpacker ./data.tar*
-- 
2.27.0