From: Brice Waegeneire
To: 41875@debbugs.gnu.org
Subject: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.
Date: Mon, 15 Jun 2020 18:23:28 +0200

* gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.
---

Without it 'newgrp' is unusable:

--8<---------------cut here---------------start------------->8---
$ whoami
bricewge
$ cat /etc/group | grep wireshark
wireshark:x:970:bricewge
$ groups
users libvirt adbusers plugdev kvm lp netdev audio video input dialout wheel
$ newgrp wireshark
setgroups: Operation not permitted
setgid: Operation not permitted
--8<---------------cut here---------------end--------------->8---

I also added 'sg' since, in the shadow package, it's a symlink to 'newgrp'.

 gnu/system.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/system.scm b/gnu/system.scm index 06bbc9e9c8..3e3d1927c2 100644 --- a/gnu/system.scm +++ b/gnu/system.scm 
@@ -932,7 +932,9 @@ use 'plain-file' instead~%") ;; Default set of setuid-root programs. (let ((shadow (@ (gnu packages admin) shadow))) (list (file-append shadow "/bin/passwd") + (file-append shadow "/bin/sg") (file-append shadow "/bin/su") + (file-append shadow "/bin/newgrp") (file-append shadow "/bin/newuidmap") (file-append shadow "/bin/newgidmap") (file-append inetutils "/bin/ping") -- 2.26.2 From unknown Sun Jun 22 07:53:52 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org 
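Review bot: the two added entries are split around "/bin/su" ("/bin/sg" goes in before it, "/bin/newgrp" after it) although the commit message says 'sg' is a symlink to 'newgrp' in the shadow package; put them on adjacent lines and add a one-line comment saying they are the same program, so that anyone auditing this list sees that the pair stands or falls together. The list sits under ";; Default set of setuid-root programs.", so both names become setuid-root wherever the default is used; the commit message documents the 'newgrp' failure (setgroups/setgid: Operation not permitted) but shows no use of 'sg', so it would help to record next to the entries why each one needs to be setuid.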
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Brice Waegeneire
Subject: bug#41875: closed (Re: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.)
Date: Sun, 21 Jun 2020 03:38:02 +0000

Your bug report

#41875: [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 41875@debbugs.gnu.org.

-- 
41875: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=41875
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: iyzsong@member.fsf.org (宋文武)
To: Brice Waegeneire
Subject: Re: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.
Date: Sun, 21 Jun 2020 11:36:58 +0800

Brice Waegeneire writes:

> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.

Pushed, thank you!

From: Marius Bakke
To: Brice Waegeneire, 41875@debbugs.gnu.org
Subject: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.
Date: Mon, 22 Jun 2020 23:14:59 +0200

Brice Waegeneire writes:

> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.

LGTM.  Now I can remove this bit from my system config:

  (setuid-programs (append (list #~(string-append #$shadow "/bin/newgrp"))
                           %setuid-programs)))