Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-14 Thread Oliver Charles
Linus Heckemann writes: > On 09/03/17 10:26, Oliver Charles wrote: >> sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have >> the setuid bit set > > Are you just adding sudo to systemPackages rather than using the option > security.sudo.enable? Nope, I'm

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-09 Thread Linus Heckemann
On 09/03/17 10:26, Oliver Charles wrote: > sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have > the setuid bit set Are you just adding sudo to systemPackages rather than using the option security.sudo.enable? ___ nix-dev mailing list

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-08 Thread Domen Kožar
https://github.com/NixOS/nixpkgs/issues/19862#issuecomment-283732486 On Wed, Mar 8, 2017 at 10:16 AM, Thomas Hunger wrote: > Hi Graham, > > I tried reproducing the nixos-rebuild switch issue for setuid wrappers > without success: Can you point me to an issue, or give a hint

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-08 Thread Thomas Hunger
Hi Graham, I tried reproducing the nixos-rebuild switch issue for setuid wrappers without success: Can you point me to an issue, or give a hint for what you mean by "break setuid binaries"? I'd like to fix this but don't yet understand what's going on. ~ On 5 March 2017 at 15:25, Graham

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-06 Thread Nikolay Amiantov
Hi, On 03/06/2017 04:03 PM, Eelco Dolstra wrote: Hm, that seems like a pretty critical bug that we should fix before release. Maybe we should simply revert the path of the setuid wrappers? I'm interested in retaining those changes so if you are okay with that I can look into making transition

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-06 Thread Eelco Dolstra
Hi, On 03/05/2017 04:25 PM, Graham Christensen wrote: > Note: Don't use nixos-rebuild switch. The path to setuid wrappers has > changed, and using switch will break setuid binaries (like sudo, ping, > etc.) until you reboot. Hm, that seems like a pretty critical bug that we should fix before

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-05 Thread Nikolay Amiantov
Hi, On 03/05/2017 06:25 PM, Graham Christensen wrote: Note: Don't use nixos-rebuild switch. The path to setuid wrappers has changed, and using switch will break setuid binaries (like sudo, ping, etc.) until you reboot. I think one can also restart his/her shell to update environment variables

[Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-05 Thread Graham Christensen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, In my most recent roundup email, I included information about 17.03, 16.09, and the security support timeline. It was somewhat buried in the otherwise very standard message, so I'm sending just that information. NixOS 17.03 has entered