guix-devel

Re: Setuid handling?


From: Felix Lechner
Subject: Re: Setuid handling?
Date: Tue, 16 May 2023 21:37:00 -0700

Hi everyone,

On Tue, Apr 25, 2023 at 10:04 AM Saku Laesvuori <saku@laesvuori.fi> wrote:
>
> Maybe you could remove the packages with setuid-programs from your home
> configuration, but really this seems like a bug in guix home to me.

Maybe so, but it did not help that we ship an 'su' implementation
that, according to the Heimdal maintainers, has been obsolete for five
years.

Their releases are based on a stable branch which means they rely on
distributions to drop the executables. (Debian renames them [1] but
they are useless without setuid root and may not meet the PAM policy
of the local administrator.)

Here is a patch that removes the obsolete executables from Guix. [2]
Perhaps someone with newly granted committer rights would like to have
a look at it. Congratulations, also!

I switched to building Heimdal from Git since I was not sure if or
when [3] our gnu-build-system runs autogen.sh or any invocation of
autoreconf when a ./configure script is already present (in the tarball).

Kind regards
Felix

[1] https://sources.debian.org/src/heimdal/7.8.git20221117.28daf24%2Bdfsg-2/debian/rules/#L116
[2] https://issues.guix.gnu.org/63545
[3] https://github.com/guix-mirror/guix/blob/c8e599b9391f789a8a3e2183fc8f0c2a5061ceb0/gnu/packages/networking.scm#L3250-L3255


