GNU bug report logs - #38884
guix system roll-back doesn't roll setuid-programs back


Package: guix;

Reported by: Jakub Kądziołka <kuba <at> kadziolka.net>

Date: Fri, 3 Jan 2020 00:49:02 UTC

Owned by: Jakub Kądziołka <kuba <at> kadziolka.net>

Severity: important

Tags: security

Done: Brice Waegeneire <brice <at> waegenei.re>

Bug is archived. No further changes may be made.



Message #5 received at submit <at> debbugs.gnu.org:

From: Jakub Kądziołka <kuba <at> kadziolka.net>
To: bug-guix <at> gnu.org
Subject: guix system roll-back doesn't roll setuid-programs back
Date: Fri, 3 Jan 2020 01:48:03 +0100

Steps to reproduce:

1. Add a setuid program to your config:

(setuid-programs (cons*
                   (file-append hello "/bin/hello")
                   %setuid-programs))

2. guix system reconfigure
3. Observe that /run/setuid-programs/hello got created
4. Undo the configuration change
5. guix system reconfigure
6. Observe that /run/setuid-programs/hello no longer exists
7. guix system roll-back

Expected behavior:
/run/setuid-programs/hello appears again

Actual behavior:
/run/setuid-programs/hello still doesn't exist

Similarly, when roll-back is supposed to remove a file, it doesn't.

Previously mentioned in https://debbugs.gnu.org/38800.

Regards,
Jakub Kądziołka
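
A drift check for the condition reported above, as an added example that is not part of the original report or of Guix: it compares a setuid directory such as /run/setuid-programs against a list of basenames expected for the running generation. The function name `setuid_drift`, the operator-maintained expected-list file and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Guix code): report drift between a setuid directory
# and the list of programs expected for the running system generation.
# Usage: setuid_drift DIR EXPECTED_FILE
# EXPECTED_FILE is a hypothetical operator-maintained file, one basename per line.
setuid_drift() {
    dir=$1
    expected=$2
    # STALE: still on disk although the running generation does not declare it.
    for path in "$dir"/*; do
        [ -e "$path" ] || continue      # empty directory: the glob did not match
        name=${path##*/}
        grep -Fqx -- "$name" "$expected" || echo "STALE $name"
    done
    # MISSING: declared but absent. NOSUID: present without the setuid bit.
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if [ ! -e "$dir/$name" ]; then
            echo "MISSING $name"
        elif [ ! -u "$dir/$name" ]; then
            echo "NOSUID $name"
        fi
    done < "$expected"
}

# Constructed demo mirroring the report: the rolled-back generation expects
# "hello", but the directory still reflects the newer generation.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/setuid-programs"
    : > "$tmp/setuid-programs/su"
    chmod 4755 "$tmp/setuid-programs/su"
    printf '%s\n' su hello > "$tmp/expected"
    setuid_drift "$tmp/setuid-programs" "$tmp/expected"
    rm -rf "$tmp"
}
demo   # prints: MISSING hello
```

A STALE line is the security-relevant direction of the bug: a setuid binary that the rolled-back configuration no longer declares is still installed.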




This bug report was last modified 4 years and 70 days ago.
