public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Make the set of setuid programs configurable.

Browse Source 
* Make crontab setuid.

svn path=/nixos/trunk/; revision=7636
This commit is contained in:
Eelco Dolstra 2007-01-11 16:29:23 +00:00
parent 6b364875f9
commit 580f98f1ed
3 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
system/activate-configuration.sh
View File

@ -121,7 +121,7 @@ ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
wrapperDir=@wrapperDir@ wrapperDir=@wrapperDir@
if test -d $wrapperDir; then rm -f $wrapperDir/*; fi if test -d $wrapperDir; then rm -f $wrapperDir/*; fi
mkdir -p $wrapperDir mkdir -p $wrapperDir
for i in passwd su; do for i in @setuidPrograms@; do
program=$(type -tp $i) program=$(type -tp $i)
cp $(type -tp setuid-wrapper) $wrapperDir/$i cp $(type -tp setuid-wrapper) $wrapperDir/$i
echo -n $program > $wrapperDir/$i.real echo -n $program > $wrapperDir/$i.real

10
system/options.nix
View File

@ -523,4 +523,14 @@
} }
{
name = ["security" "setuidPrograms"];
default = ["passwd" "su" "crontab"];
description = "
Only the programs listed here will be made setuid root (through
a wrapper program).
";
}
] ]

1
system/system.nix
View File

@ -189,6 +189,7 @@ rec {
inherit (pkgs) kernel; inherit (pkgs) kernel;
readOnlyRoot = config.get ["boot" "readOnlyRoot"]; readOnlyRoot = config.get ["boot" "readOnlyRoot"];
hostName = config.get ["networking" "hostName"]; hostName = config.get ["networking" "hostName"];
setuidPrograms = config.get ["security" "setuidPrograms"];
wrapperDir = setuidWrapper.wrapperDir; wrapperDir = setuidWrapper.wrapperDir;
path = [ path = [