GNU bug report logs - #38884
guix system roll-back doesn't roll setuid-programs back

Package: guix;

Reported by: Jakub Kądziołka <kuba <at> kadziolka.net>

Date: Fri, 3 Jan 2020 00:49:02 UTC

Owned by: Jakub Kądziołka <kuba <at> kadziolka.net>

Severity: important

Tags: security

Done: Brice Waegeneire <brice <at> waegenei.re>

Bug is archived. No further changes may be made.


Message #14 received at 38884 <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire via web <issues.guix.gnu.org <at> elephly.net>
To: 38884 <at> debbugs.gnu.org
Subject: guix system roll-back doesn't roll setuid-programs back
Date: Sun, 20 Sep 2020 22:43:48 +0200

Hello Guix,

"setuid-programs-service" extends the activation script, which isn't loaded when rolling back.

A difference between "reconfigure" and "switch-generation" (of which "roll-back" is just a useful alias) is that the former loads the activation script (guix scripts system reconfigure switch-system-program) after switching the profile's symlinks and before installing the bootloader, while the latter installs the bootloader (guix scripts system switch-to-system-generation) and then switches the symlinks (guix profiles switch-to-generation).  Fixing that could be done by loading the activation script after switching profiles, as "reconfigure" does.
I guess that loading the activation script again, on an already running system, can have side effects, but it shouldn't be an issue as it's already done by "reconfigure".

Cheers,
- Brice





This bug report was last modified 4 years and 69 days ago.
