system: Disallow file-like setuid-programs.
It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable.
parent
6c045f2c9e
commit
0dffb851e0
1 changed files with 1 additions and 27 deletions
|
@ -302,8 +302,7 @@ (define-record-type* <operating-system> operating-system
|
||||||
(pam-services operating-system-pam-services ; list of PAM services
|
(pam-services operating-system-pam-services ; list of PAM services
|
||||||
(default (base-pam-services)))
|
(default (base-pam-services)))
|
||||||
(setuid-programs operating-system-setuid-programs
|
(setuid-programs operating-system-setuid-programs
|
||||||
(default %setuid-programs) ; list of <setuid-program>
|
(default %setuid-programs)) ; list of <setuid-program>
|
||||||
(sanitize ensure-setuid-program-list))
|
|
||||||
|
|
||||||
(sudoers-file operating-system-sudoers-file ; file-like
|
(sudoers-file operating-system-sudoers-file ; file-like
|
||||||
(default %sudoers-specification))
|
(default %sudoers-specification))
|
||||||
|
@ -1240,31 +1239,6 @@ (define (operating-system-environment-variables os)
|
||||||
;; when /etc/machine-id is missing. Make sure these warnings are non-fatal.
|
;; when /etc/machine-id is missing. Make sure these warnings are non-fatal.
|
||||||
("DBUS_FATAL_WARNINGS" . "0")))
|
("DBUS_FATAL_WARNINGS" . "0")))
|
||||||
|
|
||||||
;; Ensure LST is a list of <setuid-program> records and warn otherwise.
|
|
||||||
(define-with-syntax-properties (ensure-setuid-program-list (lst properties))
|
|
||||||
(%ensure-setuid-program-list lst properties))
|
|
||||||
|
|
||||||
;; We want to be able to use defines, so define a procedure.
|
|
||||||
(define (%ensure-setuid-program-list lst properties)
|
|
||||||
(define warned? #f)
|
|
||||||
|
|
||||||
(define (warn-once)
|
|
||||||
(unless warned?
|
|
||||||
(warning (source-properties->location properties)
|
|
||||||
(G_ "representing setuid programs with file-like objects is \
|
|
||||||
deprecated; use 'setuid-program' instead~%"))
|
|
||||||
(set! warned? #t)))
|
|
||||||
|
|
||||||
(map (match-lambda
|
|
||||||
((? setuid-program? program)
|
|
||||||
program)
|
|
||||||
(program
|
|
||||||
;; PROGRAM is a file-like or a gexp like #~(string-append #$foo
|
|
||||||
;; "/bin/bar").
|
|
||||||
(warn-once)
|
|
||||||
(setuid-program (program program))))
|
|
||||||
lst))
|
|
||||||
|
|
||||||
(define %setuid-programs
|
(define %setuid-programs
|
||||||
;; Default set of setuid-root programs.
|
;; Default set of setuid-root programs.
|
||||||
(let ((shadow (@ (gnu packages admin) shadow)))
|
(let ((shadow (@ (gnu packages admin) shadow)))
|
||||||
|
|
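Review bot: With the `sanitize` clause dropped from the `setuid-programs` field in the first hunk, nothing on the record checks that the list holds `<setuid-program>` records any more; the trailing `; list of <setuid-program>` comment is the only statement of the contract. A configuration that still passes a file-like object or a gexp is therefore not rejected at the field, and will presumably fail wherever `operating-system-setuid-programs` is consumed (not visible on this page), without the source location that the deleted `%ensure-setuid-program-list` attached to its warning. Since this field decides which binaries are installed setuid-root, I would turn the old warning into a hard error instead of deleting the check: keep `(sanitize ensure-setuid-program-list)` on the field and have the procedure test each element with `setuid-program?`, raising an error located via `(source-properties->location properties)` rather than wrapping the value with `(setuid-program (program program))`.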