From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 15 12:23:37 2020 Received: (at submit) by debbugs.gnu.org; 15 Jun 2020 16:23:37 +0000 Received: from localhost ([127.0.0.1]:47276 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jkrtY-0000oA-Ow for submit@debbugs.gnu.org; Mon, 15 Jun 2020 12:23:36 -0400 Received: from lists.gnu.org ([209.51.188.17]:57158) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jkrtX-0000ny-9F for submit@debbugs.gnu.org; Mon, 15 Jun 2020 12:23:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54612) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jkrtX-00035y-3x for guix-patches@gnu.org; Mon, 15 Jun 2020 12:23:35 -0400 Received: from relay12.mail.gandi.net ([217.70.178.232]:43881) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jkrtV-0005Si-I2 for guix-patches@gnu.org; Mon, 15 Jun 2020 12:23:34 -0400 Received: from localhost (luy13-1-78-237-113-178.fbx.proxad.net [78.237.113.178]) (Authenticated sender: brice@waegenei.re) by relay12.mail.gandi.net (Postfix) with ESMTPSA id A715A200006 for ; Mon, 15 Jun 2020 16:23:31 +0000 (UTC) From: Brice Waegeneire To: guix-patches@gnu.org Subject: [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS. Date: Mon, 15 Jun 2020 18:23:28 +0200 Message-Id: <20200615162328.25429-1-brice@waegenei.re> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=217.70.178.232; envelope-from=brice@waegenei.re; helo=relay12.mail.gandi.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/15 12:18:57 X-ACL-Warn: Detected OS = Linux 3.11 and newer X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'. --- Without it 'newgrp' is unusable: --8<---------------cut here---------------start------------->8--- $ whoami bricewge $ cat /etc/group | grep wireshark wireshark:x:970:bricewge $ groups users libvirt adbusers plugdev kvm lp netdev audio video input dialout wheel $ newgrp wireshark setgroups: Operation not permitted setgid: Operation not permitted --8<---------------cut here---------------end--------------->8--- I also added 'sg' since, in the shadow package, it's a symlink to 'newgrp'. gnu/system.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnu/system.scm b/gnu/system.scm index 06bbc9e9c8..3e3d1927c2 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -932,7 +932,9 @@ use 'plain-file' instead~%") ;; Default set of setuid-root programs. (let ((shadow (@ (gnu packages admin) shadow))) (list (file-append shadow "/bin/passwd") + (file-append shadow "/bin/sg") (file-append shadow "/bin/su") + (file-append shadow "/bin/newgrp") (file-append shadow "/bin/newuidmap") (file-append shadow "/bin/newgidmap") (file-append inetutils "/bin/ping") -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 20 23:37:24 2020 Received: (at 41875-done) by debbugs.gnu.org; 21 Jun 2020 03:37:25 +0000 Received: from localhost ([127.0.0.1]:59071 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jmqnM-0007g7-QT for submit@debbugs.gnu.org; Sat, 20 Jun 2020 23:37:24 -0400 Received: from rezeros.cc ([45.76.207.221]:35212) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jmqnI-0007fn-2c for 41875-done@debbugs.gnu.org; Sat, 20 Jun 2020 23:37:22 -0400 Received: from localhost ( [2409:8a62:377:b2c0:a4d8:2ce4:39b7:2368]) by rezeros.cc (OpenSMTPD) with ESMTPSA id 127569cb (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sun, 21 Jun 2020 03:37:11 +0000 (UTC) Received: from gift (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 1a79ef90; Sun, 21 Jun 2020 03:36:58 +0000 (UTC) From: iyzsong@member.fsf.org (=?utf-8?B?5a6L5paH5q2m?=) To: Brice Waegeneire Subject: Re: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS. References: <20200615162328.25429-1-brice@waegenei.re> Date: Sun, 21 Jun 2020 11:36:58 +0800 In-Reply-To: <20200615162328.25429-1-brice@waegenei.re> (Brice Waegeneire's message of "Mon, 15 Jun 2020 18:23:28 +0200") Message-ID: <87sgepcco5.fsf@member.fsf.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 41875-done Cc: 41875-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Brice Waegeneire writes: > * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'. Pushed, thank you! From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 22 17:15:18 2020 Received: (at 41875) by debbugs.gnu.org; 22 Jun 2020 21:15:18 +0000 Received: from localhost ([127.0.0.1]:34733 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnTmf-0002br-Rm for submit@debbugs.gnu.org; Mon, 22 Jun 2020 17:15:18 -0400 Received: from eggs.gnu.org ([209.51.188.92]:36702) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnTmd-0002be-Ie for 41875@debbugs.gnu.org; Mon, 22 Jun 2020 17:15:16 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:49340) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnTmW-0005yV-3v; Mon, 22 Jun 2020 17:15:08 -0400 Received: from ti0006q161-3115.bb.online.no ([88.95.106.80]:59172 helo=localhost) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jnTmQ-0002zY-Jh; Mon, 22 Jun 2020 17:15:05 -0400 From: Marius Bakke To: Brice Waegeneire , 41875@debbugs.gnu.org Subject: Re: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS. In-Reply-To: <20200615162328.25429-1-brice@waegenei.re> References: <20200615162328.25429-1-brice@waegenei.re> Date: Mon, 22 Jun 2020 23:14:59 +0200 Message-ID: <87zh8uajl8.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 41875 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Brice Waegeneire writes: > * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'. LGTM. Now I can remove this bit from my system config: (setuid-programs (append (list #~(string-append #$shadow "/bin/newgrp")) %setuid-programs))) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl7xH1QACgkQoqBt8qM6 VPp8aggAh8OAw3YRdJkeUgxlDCtZO0C7tov4vf1IuCg6avzbQBhl8exw2r0BITxQ 4w3sHk1yXXpnXOHXpT44I60fuDONDCdOuzfAAT4urHCunMCdjEskk5G3+NSyim8B yuUPXtLhRCFOISgRALeR5D/+3kP/LFnrYfd7mldSoLmhpaurJ+vyG9MO98IvHtAs V81Hm29nYSx/ZOTV5JdNRpeeamCTFJQFRuPlDFEhOcMkIlwgTiVjlgAgUdaTlK3p 7EF3yI6uKomp7p0uz5xaotMInPEcGtfflIbg+c918ZBJu9Od1yBmo19cPcP+vVFA bI0GG6BgL7SC9tz9RZ92PlqfMdWy3g== =0LsM -----END PGP SIGNATURE----- --=-=-=-- From unknown Tue Jun 17 22:18:16 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 21 Jul 2020 11:24:07 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator