public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Create setuid wrappers for a few programs (su and passwd). This is

Browse Source 
still a bit ad hoc, but it works.

svn path=/nixos/trunk/; revision=7163
This commit is contained in:
Eelco Dolstra 2006-11-28 17:34:27 +00:00
parent 4b3525fa80
commit 39ac293b58
6 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
boot/boot-stage-2-init.sh
View File

@ -135,7 +135,7 @@ EOF
# Additional path for the interactive shell. # Additional path for the interactive shell.
PATH=@fullPath@/bin:@fullPath@/sbin PATH=@wrapperDir@:@fullPath@/bin:@fullPath@/sbin
cat > /etc/profile <<EOF cat > /etc/profile <<EOF
export PATH=$PATH export PATH=$PATH
@ -152,6 +152,19 @@ fi
EOF EOF
# Make a few setuid programs work.
wrapperDir=@wrapperDir@
if test -d $wrapperDir; then rm -f $wrapperDir/*; fi
mkdir -p $wrapperDir
for i in passwd su; do
program=$(type -tp $i)
cp $(type -tp setuid-wrapper) $wrapperDir/$i
echo -n $program > $wrapperDir/$i.real
chown root.root $wrapperDir/$i
chmod 4755 $wrapperDir/$i
done
# Set the host name. # Set the host name.
hostname @hostName@ hostname @hostName@

5
boot/boot-stage-2.nix
View File

@ -1,5 +1,5 @@
{ genericSubstituter, buildEnv, shell, coreutils, findutils { genericSubstituter, buildEnv, shell, coreutils, findutils
, utillinux, kernel, udev, upstart , utillinux, kernel, udev, upstart, setuidWrapper
, path ? [] , path ? []
, # Whether the root device is root only. If so, we'll mount a , # Whether the root device is root only. If so, we'll mount a
@ -20,6 +20,7 @@ let
utillinux utillinux
udev udev
upstart upstart
setuidWrapper
]; ];
in in
@ -41,5 +42,5 @@ genericSubstituter {
ignoreCollisions = true; ignoreCollisions = true;
}; };
extraPath = path; wrapperDir = setuidWrapper.wrapperDir;
} }

7
configuration/boot-environment.nix
View File

@ -179,11 +179,18 @@ rec {
}; };
setuidWrapper = import ../helpers/setuid {
inherit (pkgs) stdenv;
wrapperDir = "/var/setuid-wrappers";
};
# The init script of boot stage 2, which is supposed to do # The init script of boot stage 2, which is supposed to do
# everything else to bring up the system. # everything else to bring up the system.
bootStage2 = import ../boot/boot-stage-2.nix { bootStage2 = import ../boot/boot-stage-2.nix {
inherit (pkgs) genericSubstituter buildEnv coreutils findutils inherit (pkgs) genericSubstituter buildEnv coreutils findutils
utillinux kernel udev upstart; utillinux kernel udev upstart;
inherit setuidWrapper;
inherit upstartJobs; inherit upstartJobs;
shell = pkgs.bash + "/bin/sh"; shell = pkgs.bash + "/bin/sh";

5
helpers/setuid/builder.sh Normal file
View File

@ -0,0 +1,5 @@
source $stdenv/setup
ensureDir $out/bin
gcc -Wall -O2 -DWRAPPER_DIR=\"$wrapperDir\" $setuidWrapper -o $out/bin/setuid-wrapper

8
helpers/setuid/default.nix Normal file
View File

@ -0,0 +1,8 @@
{stdenv, wrapperDir}:
stdenv.mkDerivation {
name = "setuid-wrapper";
builder = ./builder.sh;
setuidWrapper = ./setuid-wrapper.c;
inherit wrapperDir;
}

2
helpers/setuid/setuid-wrapper.c
View File

@ -9,7 +9,7 @@
extern char **environ; extern char **environ;
static char * wrapperDir = "/home/root/nixos/helpers/setuid"; static char * wrapperDir = WRAPPER_DIR;
int main(int argc, char * * argv) int main(int argc, char * * argv)
{ {