WIP: Setuid interface #22532
WIP: Setuid interface #22532
Conversation
Use a sane default. Who wants a setuid to "nobody" TODO: Big fat warning for breaking backward-compatibility
Automatically install the setuid wrappers for all
environent.systemPackages that expose the "setuid" attribute.
That "setuid" attribute must be a list of programs that need to be
wrapped with the following attrset:
{ program
, source ? ""
, owner ? "root"
, group ? "root"
, setuid ? true
, setgid ? false
, permissions ? "u+rx,g+x,o+x"
}
Guarantees that the wrapper is going to use the package's binary and not some other one with the same name.
|
👍 on this. One minor issue is the use of |
|
Alright, makes sense. Playing devil's advocate on my own proposal but what do you think of having the package select the uid/gid of the setuid like I implemented? I'm a bit concerned that the uid/gid list is a system concern instead. |
|
I would say that sometimes having some package available in the system path makes sense both with and without setuid wrapper (for different use cases), so not having a system-level override at all would be a step back. As for UID/GID management, maybe recommending the default names and allocating new ids if the names are unknown would be OK, but that requires state, because such a user name could be added to the global list of UIDs later… |
|
I think NixOS wrappers have gone in a slightly different direction… |
Motivation for this change
Inspired by the discussion at http://lists.science.uu.nl/pipermail/nix-dev/2017-February/022698.html I had a look and it seems that each setuid program needs to be specified by hand.
On other operating systems, the packages install their setuid themselves. I believe the package is also best placed to know which binaries he installs should setuid.
This is just a proof of concept for now, let me know what you think!
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)