Date: Tue, 28 Apr 2020 02:52:28 -0400
From: Raghav Gururajan
To: guix-patches@gnu.org
Subject: gnu: udevil: Fix loading of setuid-programs.

>From de62f6773a75bffff632f70fa3062b3668462543 Mon Sep 17 00:00:00 2001
From: Raghav Gururajan Date: Tue, 28 Apr 2020 02:29:36 -0400 Subject: [PATCH] gnu: udevil: Fix loading of setuid-programs. * gnu/packages/disk.scm (udevil): Fix loading of setuid-programs. [1] Patched references to mount, umount, losetup and setfacl; as udevil expects these programs to have uid set as root. [2] Patched references to udevil; as udevil itself and devmon expects udevil to have uid set as root. --- gnu/packages/disk.scm | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm index b7d3b9d954..2b9ba8e38d 100644 --- a/gnu/packages/disk.scm +++ b/gnu/packages/disk.scm 
@@ -103,16 +103,34 @@ (build-system gnu-build-system) (arguments `(#:configure-flags - (list "--disable-systemd" - (string-append "--sysconfdir=" - (assoc-ref %outputs "out") - "/etc")) + (list + "--disable-systemd" + (string-append "--sysconfdir=" + (assoc-ref %outputs "out") + "/etc") + ;; udevil expects these programs to be run with uid set as root. + ;; user has to manually add these programs to setuid-programs. + ;; mount and umount are default setuid-programs in guix system. + "--with-mount-prog=/run/setuid-programs/mount" + "--with-umount-prog=/run/setuid-programs/umount" + "--with-losetup-prog=/run/setuid-programs/losetup" + "--with-setfacl-prog=/run/setuid-programs/setfacl") #:phases (modify-phases %standard-phases (add-after 'unpack 'remove-root-reference (lambda _ (substitute* "src/Makefile.in" (("-o root -g root") "")) + #t)) + (add-after 'unpack 'patch-udevil-reference + ;; udevil expects itself to be run with uid set as root. + ;; devmon also expects udevil to be run with uid set as root. + ;; user has to manually add udevil to setuid-programs. 
+ (lambda _ + (substitute* "src/udevil.c" + (("/usr/bin/udevil") "/run/setuid-programs/udevil")) + (substitute* "src/devmon" + (("`which udevil 2>/dev/null`") "/run/setuid-programs/udevil")) #t))))) (native-inputs `(("intltool" ,intltool) -- 2.26.2
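
Review bot: The four "--with-...-prog=/run/setuid-programs/..." configure flags, read with the comment "user has to manually add these programs to setuid-programs", ask for a setuid-root losetup and setfacl, which any local user could then run directly as root, outside udevil's own checks; the comment should state that trade-off and why udevil alone being setuid is not enough. The requirement is also visible only in build-time comments: nothing tells someone installing the package that /run/setuid-programs/losetup, /run/setuid-programs/setfacl and /run/setuid-programs/udevil must exist, so it belongs in the package description as well. In 'patch-udevil-reference, substitute* does not fail when its pattern is absent, so an upstream change to "/usr/bin/udevil" in src/udevil.c or to the "`which udevil 2>/dev/null`" line in src/devmon would silently leave the old lookup in place; a check after the substitution that the new path is present would catch that.
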
Date: Fri, 1 May 2020 14:24:05 +0200
From: Danny Milosavljevic
To: Raghav Gururajan
Cc: 40922@debbugs.gnu.org
Subject: Re: [bug#40922] gnu: udevil: Fix loading of setuid-programs.

Hi Raghav,

On Tue, 28 Apr 2020 02:52:28 -0400
Raghav Gururajan wrote:

> [1] Patched references to mount, umount, losetup and setfacl; as udevil
> expects these programs to have uid set as root.
> [2] Patched references to udevil; as udevil itself and devmon expects
> udevil to have uid set as root.

Why are both needed at the same time? If udevil is setuid root, then the
other tools are invoked as root anyway, right? Or does udevil drop root
privileges? (short look into src/udevil.c suggests yes)

Is there a description from upstream how all that is supposed to work?

Remainder OK.

Date: Fri, 1 May 2020 10:05:06 -0400
From: Raghav Gururajan
To: Danny Milosavljevic
Cc: 40922@debbugs.gnu.org
Subject: Re: [bug#40922] gnu: udevil: Fix loading of setuid-programs.

Hi Danny!

> Why are both needed at the same time? If udevil is setuid root, then the
> other tools are invoked as root anyway, right? Or does udevil drop root
> privileges? (short look into src/udevil.c suggests yes)

Yes, both are needed at the same time. I tried them alternatively, did not work. As you mentioned, it drops privileges (file:src/udevil.c ; line:5061).

> Is there a description from upstream how all that is supposed to work?

There is some description in the "Set SUID" section of the README file (https://github.com/IgnorantGuru/udevil/blob/master/README).

> Remainder OK.

Thanks!

Regards,
RG.

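
Because udevil drops privileges, the patched build only works when each path it hard-codes under /run/setuid-programs is a root-owned setuid binary. The following check script is an added example, not part of the patch or of Guix; it audits the five paths named in the patch, and the function names, the SETUID_DIR variable and the use of GNU `stat -c` are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the setuid helper paths hard-coded by the patched
# udevil build. Names below are this example's own, not Guix's or udevil's.
# Usage: call audit_udevil_helpers [DIR]; DIR defaults to $SETUID_DIR.

SETUID_DIR="${SETUID_DIR:-/run/setuid-programs}"   # directory used in the patch
UDEVIL_HELPERS="mount umount losetup setfacl udevil"

# Print one status word for a single path:
#   missing     no such file
#   not-setuid  file exists but lacks the set-user-ID bit
#   not-root    set-user-ID, but owned by a non-root user
#   ok          set-user-ID and owned by uid 0
helper_status() {
    path=$1
    [ -e "$path" ] || { echo missing; return; }
    [ -u "$path" ] || { echo not-setuid; return; }
    # GNU stat syntax (assumption: coreutils or busybox stat is available).
    owner=$(stat -c %u "$path") || { echo missing; return; }
    [ "$owner" -eq 0 ] && echo ok || echo not-root
}

# Print "STATUS PATH" for every helper; return non-zero if any is not "ok".
audit_udevil_helpers() {
    dir=${1:-$SETUID_DIR}
    rc=0
    for name in $UDEVIL_HELPERS; do
        status=$(helper_status "$dir/$name")
        printf '%-10s %s\n' "$status" "$dir/$name"
        [ "$status" = ok ] || rc=1
    done
    return $rc
}
```

The same listing doubles as an inventory of which extra programs run as root on the system once the package's instructions have been followed.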
Date: Fri, 1 May 2020 16:38:38 +0200
From: Danny Milosavljevic
To: Raghav Gururajan
Cc: 40922-done@debbugs.gnu.org
Subject: Re: [bug#40922] gnu: udevil: Fix loading of setuid-programs.

Pushed to guix master as commit 8546f4da5b3677001dbda6b3a116f5bdc44ea5c0.

From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Sat, 30 May 2020 11:24:04 +0000