From: bug#62725 <62725@debbugs.gnu.org>
Subject: Status: Undefined activation ordering between ‘setuid-program-service-type’ and ‘account-service-type’
Date: Fri, 20 Jun 2025 12:32:50 +0000

retitle 62725 Undefined activation ordering between ‘setuid-program-service-type’ and ‘account-service-type’
reassign 62725 guix
submitter 62725 Brian Cully
severity 62725 normal
thanks

From: Brian Cully
To: bug-guix@gnu.org
Subject: Undefined activation ordering between ‘setuid-program-service-type’ and ‘account-service-type’
Date: Sat, 08 Apr 2023 10:53:07 -0400
Message-ID: <878rf24dqz.fsf@psyduck.jhoto.kublai.com>

There is currently no way to ensure that an account exists before creating /run/setuid-programs, which means a setuid-program which uses a custom user or group will fail to be created if setuid activation happens before account activation.
As an example, here's a system config where I'm trying to install ‘/run/setuid-programs/dumpcap’ as setuid root with a primary group of ‘wireshark’, also created by this config:

--8<---------------cut here---------------start------------->8---
(use-modules (gnu)
             (gnu system setuid))
(use-package-modules networking)
(use-service-modules setuid)

;; TODO: make name configurable
(define %wireshark-groups
  (list (user-group (name "wireshark")
                    (system? #t))))

(define %wireshark-setuid-programs
  (list (setuid-program
         (program (file-append wireshark "/bin/dumpcap"))
         (group "wireshark")
         #;(mask #o550))))

(define wireshark-service-type
  (service-type
   (name 'wireshark)
   (description "Allow use of wireshark by regular users in the @code{wireshark} group.")
   (extensions
    (list (service-extension account-service-type
                             (const %wireshark-groups))
          (service-extension setuid-program-service-type
                             (const %wireshark-setuid-programs))))
   (default-value #f)))

(operating-system
  (locale "en_US.utf8")
  (timezone "America/New_York")
  (keyboard-layout (keyboard-layout "us"))
  (host-name "wireshark-test")

  (users (cons* (user-account
                 (name "test")
                 (group "users")
                 (password (crypt "test" "$6$test"))
                 (supplementary-groups '("wireshark")))
                %base-user-accounts))

  (packages (cons* (specification->package "wireshark")
                   %base-packages))

  (services (cons* (service wireshark-service-type)
                   %base-services))

  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))
               (keyboard-layout keyboard-layout)))

  (file-systems (cons* (file-system
                        (mount-point "/")
                        (device (uuid "14f4e958-be9e-41bb-bd25-e90a7330093c" 'btrfs))
                        (type "btrfs"))
                       (file-system
                        (mount-point "/boot/efi")
                        (device (uuid "6866-56B1" 'fat32))
                        (type "vfat"))
                       %base-file-systems)))
--8<---------------cut here---------------end--------------->8---

When trying to boot this system in a VM, I'm told that the dumpcap binary couldn't be created because the file wasn't found.
The returned error is improperly attributed: the source file does exist, and the error code is actually coming from getgrent(3), which cannot find the ‘wireshark’ group. Tracing through the activation scripts shows this to be because, in this case, setuid-program activation happens before account activation.

Thanks to jpoiret for doing a lot of the investigative work here, which I'm merely verifying through testing.

I believe the correct solution here is to move ‘setuid-program’ activation to a one-shot Shepherd service, because Shepherd allows explicit ordering, as well as other advantages. To that end, I have a patch which does precisely that, which I will send to the patches list shortly.

-bjc
From: Leo Famulari
To: control@debbugs.gnu.org
Date: Sat, 8 Apr 2023 12:56:43 -0400

block 62725 with 62726
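The ordering failure the report describes, modelled as an added Python example rather than Guix or Shepherd code: the in-memory "system" state, the two stand-in activation steps, the gid 980 and the `verify_setuid` audit are all constructed for illustration. The model shows why a setuid entry whose group is created by account activation fails when the two steps carry no ordering constraint, how an explicit Shepherd-style requirement edge forces the order regardless of declaration order, and a post-activation check an operator can run to confirm each setuid program ended up with the intended group.

```python
"""Model of activation-step ordering (constructed example, not Guix's code)."""
from typing import Callable, Dict, List, Tuple

Step = Callable[[dict], None]


def fresh_state() -> dict:
    # Constructed: groups present at boot and the setuid entries created so far.
    return {"groups": {"root": 0, "users": 100}, "setuid": {}}


def activate_accounts(state: dict) -> None:
    """Stand-in for account activation: creates the 'wireshark' system group."""
    state["groups"].setdefault("wireshark", 980)  # constructed gid


def activate_setuid(state: dict) -> None:
    """Stand-in for setuid-program activation of dumpcap (root:wireshark, mode 4550).

    Resolving the group name is the step that fails when accounts have not been
    activated yet. The error here names the missing group instead of the
    misleading 'file not found' the report describes.
    """
    program, group, mode = "dumpcap", "wireshark", 0o4550
    gid = state["groups"].get(group)
    if gid is None:
        raise LookupError(f"{program}: group {group!r} does not exist (yet)")
    state["setuid"][program] = {"uid": 0, "gid": gid, "mode": mode}


def activation_order(declared: List[str], requirements: Dict[str, List[str]]) -> List[str]:
    """Order steps so each runs after everything it requires (Kahn-style).

    Without requirement edges, steps keep their declaration order, which is the
    'undefined' ordering the bug is about; with edges, the order is forced.
    A cycle or a requirement on an unknown step raises ValueError.
    """
    pending, done = list(declared), []
    while pending:
        for name in pending:  # first declared step whose requirements are met
            if all(req in done for req in requirements.get(name, [])):
                break
        else:
            raise ValueError(f"unsatisfiable requirements among {pending}")
        pending.remove(name)
        done.append(name)
    return done


def run_activation(declared: List[Tuple[str, Step]],
                   requirements: Dict[str, List[str]]) -> Tuple[bool, str, dict]:
    """Run the steps in computed order; returns (ok, message, final state)."""
    steps, state = dict(declared), fresh_state()
    for name in activation_order([n for n, _ in declared], requirements):
        try:
            steps[name](state)
        except LookupError as err:
            return False, f"activation step {name!r} failed: {err}", state
    return True, "activation complete", state


def verify_setuid(state: dict, expected: Dict[str, str]) -> List[str]:
    """Post-activation audit: each expected program exists and its gid maps back
    to the intended group name. Returns the list of problems (empty means OK)."""
    gid_to_name = {gid: name for name, gid in state["groups"].items()}
    problems = []
    for program, group in expected.items():
        entry = state["setuid"].get(program)
        if entry is None:
            problems.append(f"{program}: not created")
        elif gid_to_name.get(entry["gid"]) != group:
            problems.append(f"{program}: group {gid_to_name.get(entry['gid'])!r}, expected {group!r}")
    return problems


# Declaration order mirrors the failing boot: setuid activation listed first.
DECLARED = [("setuid-programs", activate_setuid), ("accounts", activate_accounts)]
REQUIREMENTS = {"setuid-programs": ["accounts"]}  # the explicit ordering edge

if __name__ == "__main__":
    for label, reqs in (("no requirement", {}), ("with requirement", REQUIREMENTS)):
        ok, msg, state = run_activation(DECLARED, reqs)
        print(f"{label}: {msg}; audit: {verify_setuid(state, {'dumpcap': 'wireshark'})}")
```

Run without a requirement edge, the setuid step executes first and fails on the group lookup, and the audit reports dumpcap as not created; with the edge, the same declaration order produces a working entry and an empty problem list.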