author | Tobias Geerinckx-Rice <me@tobias.gr> | 2022-10-23 02:00:00 +0200 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2024-08-11 02:00:00 +0200 |
commit | 0dffb851e0feced94742ad024f245b925c503fa2 (patch) | |
tree | 7093eb632cdc445dd08694499915ef4fd46ae477 /gnu/system.scm | |
parent | 6c045f2c9eb7b8efe7c8a1002cda990abaa9be1a (diff) |
system: Disallow file-like setuid-programs.
It has been a warning for well over a year now. Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.
* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
Diffstat (limited to 'gnu/system.scm')
-rw-r--r-- | gnu/system.scm | 28 |
1 files changed, 1 insertions, 27 deletions
diff --git a/gnu/system.scm b/gnu/system.scm
index c76f4d7c50..5c18edd620 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -302,8 +302,7 @@ VERSION is the target version of the boot-parameters record."
 (pam-services operating-system-pam-services ; list of PAM services
 (default (base-pam-services)))
 (setuid-programs operating-system-setuid-programs
- (default %setuid-programs) ; list of <setuid-program>
- (sanitize ensure-setuid-program-list))
+ (default %setuid-programs)) ; list of <setuid-program>
 (sudoers-file operating-system-sudoers-file ; file-like
 (default %sudoers-specification))
 
@@ -1240,31 +1239,6 @@ use 'plain-file' instead~%")
 ;; when /etc/machine-id is missing. Make sure these warnings are non-fatal.
 ("DBUS_FATAL_WARNINGS" . "0")))
 
-;; Ensure LST is a list of <setuid-program> records and warn otherwise.
-(define-with-syntax-properties (ensure-setuid-program-list (lst properties))
- (%ensure-setuid-program-list lst properties))
-
-;; We want to be able to use defines, so define a procedure.
-(define (%ensure-setuid-program-list lst properties)
- (define warned? #f)
-
- (define (warn-once)
- (unless warned?
- (warning (source-properties->location properties)
- (G_ "representing setuid programs with file-like objects is \
-deprecated; use 'setuid-program' instead~%"))
- (set! warned? #t)))
-
- (map (match-lambda
- ((? setuid-program? program)
- program)
- (program
- ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo
- ;; "/bin/bar").
- (warn-once)
- (setuid-program (program program))))
- lst))
-
 (define %setuid-programs
 ;; Default set of setuid-root programs.
 (let ((shadow (@ (gnu packages admin) shadow))) |
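Review bot: With the `(sanitize ensure-setuid-program-list)` clause gone from the `setuid-programs` field in the first hunk, nothing visible here checks the list elements any more, so a configuration that still passes a file-like object or gexp is neither converted nor rejected at the field. Where such a value fails is decided by consumers outside this diff, presumably as a wrong-type error without the source location that the old warning carried through `source-properties->location`. Because this list names programs that are installed with elevated privileges, I would keep a sanitizer on the field that raises a located error for any element failing `setuid-program?`, rather than dropping validation altogether. At minimum the field deserves a comment such as `;; Elements must be <setuid-program> records; file-like objects are no longer accepted.` The `<operating-system>` record definition starts and ends outside the hunk.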