From 0dffb851e0feced94742ad024f245b925c503fa2 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 23 Oct 2022 02:00:00 +0200 Subject: system: Disallow file-like setuid-programs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. --- gnu/system.scm | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) (limited to 'gnu/system.scm') diff --git a/gnu/system.scm b/gnu/system.scm index c76f4d7c50..5c18edd620 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -302,8 +302,7 @@ VERSION is the target version of the boot-parameters record." (pam-services operating-system-pam-services ; list of PAM services (default (base-pam-services))) (setuid-programs operating-system-setuid-programs - (default %setuid-programs) ; list of - (sanitize ensure-setuid-program-list)) + (default %setuid-programs)) ; list of (sudoers-file operating-system-sudoers-file ; file-like (default %sudoers-specification)) @@ -1240,31 +1239,6 @@ use 'plain-file' instead~%") ;; when /etc/machine-id is missing. Make sure these warnings are non-fatal. ("DBUS_FATAL_WARNINGS" . "0"))) -;; Ensure LST is a list of records and warn otherwise. -(define-with-syntax-properties (ensure-setuid-program-list (lst properties)) - (%ensure-setuid-program-list lst properties)) - -;; We want to be able to use defines, so define a procedure. -(define (%ensure-setuid-program-list lst properties) - (define warned? #f) - - (define (warn-once) - (unless warned? - (warning (source-properties->location properties) - (G_ "representing setuid programs with file-like objects is \ -deprecated; use 'setuid-program' instead~%")) - (set! warned? #t))) - - (map (match-lambda - ((? setuid-program? program) - program) - (program - ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo - ;; "/bin/bar"). - (warn-once) - (setuid-program (program program)))) - lst)) - (define %setuid-programs ;; Default set of setuid-root programs. (let ((shadow (@ (gnu packages admin) shadow))) -- cgit v1.2.3