GNU bug report logs - #54205
[PATCH Shepherd] Factor out a public CALL-IN-FORK.


Package: guix-patches;

Reported by: Attila Lendvai <attila <at> lendvai.name>

Date: Tue, 1 Mar 2022 07:08:01 UTC

Severity: normal

Tags: patch, wontfix

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Attila Lendvai <attila <at> lendvai.name>
To: Liliana Marie Prikler <liliana.prikler <at> ist.tugraz.at>
Cc: 54205 <at> debbugs.gnu.org
Subject: [bug#54205] [PATCH v2] Factor out a public FORK-AND-CALL.
Date: Tue, 01 Mar 2022 13:04:40 +0000

> In general, I think such capabilities should be added to exec-command,
> rather than resorting to a lambda. It takes a little while to realize
> that call-in-fork, fork-and-call or whatever you want to name it is in
> fact not pure evil; mainly because shepherd could in its stead already
> invoke any lambda you throw at it. That being said, one should always
> be aware that this child process runs with the full permissions of
> shepherd, which you normally don't want to do for a service.


does the above mean that you're concerned about the security implications? if
so, then i don't understand, because Guile already allows calling/accessing
private functions/symbols, and thus this change doesn't really increase the
(already enormous) attack surface in the guile codebase.

it does increase the shoot-oneself-in-the-foot-surface a little bit, though.

it's worth pointing out, though, that trusting a channel, and adding a shepherd
service defined by it to the machine's config, is essentially giving root access
to the channel author. and this is already the case, prior to my change.

BTW, can i not already simply pass 0, or "root" as #:user to EXEC-COMMAND?


> In my opinion, it ought to be
>
> > +(define* (fork+apply proc . args)
> [...]
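
Review bot: `define*` is unnecessary for the signature shown on the `+(define* (fork+apply proc . args)` line, which takes one required argument and a rest argument and has no #:optional or #:key parameters, so plain `define` is enough. Since the body is elided here, also confirm that the docstring states that PROC runs in the forked child with the full permissions of shepherd, which is the concern raised earlier in this message.
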
>
> WDYT?


makes sense, i'll update the patch... but given the feedback from the two of
you, should i?

i think i'll abandon this, and implement Maxime's #:rlimits suggestion.

i'm not sure how much better that will be, but at least it won't make future
threading harder, and allows me to make progress with my project.

if anyone prefers the FORK+APPLY version, then do speak up!

--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“An atheist doesn't have to be someone who thinks he has a proof that there can't be a god. He only has to be someone who believes that the evidence on the God question is at a similar level to the evidence on the werewolf question.”
	— John McCarthy (1927–2011), father of Lisp





This bug report was last modified 3 years and 148 days ago.
