* Create setuid wrappers for a few programs (su and passwd). This is

still a bit ad hoc, but it works. svn path=/nixos/trunk/; revision=7163
2006-11-28 17:34:27 +00:00 · 2006-11-28 17:34:27 +00:00 · 39ac293b58
commit 39ac293b58
parent 4b3525fa80
6 changed files with 39 additions and 5 deletions
--- a/boot/boot-stage-2-init.sh
+++ b/boot/boot-stage-2-init.sh
@ -135,7 +135,7 @@ EOF


 # Additional path for the interactive shell.
-PATH=@fullPath@/bin:@fullPath@/sbin
+PATH=@wrapperDir@:@fullPath@/bin:@fullPath@/sbin

 cat > /etc/profile <<EOF
 export PATH=$PATH
@ -152,6 +152,19 @@ fi
 EOF


+# Make a few setuid programs work.
+wrapperDir=@wrapperDir@
+if test -d $wrapperDir; then rm -f $wrapperDir/*; fi
+mkdir -p $wrapperDir
+for i in passwd su; do
+    program=$(type -tp $i)
+    cp $(type -tp setuid-wrapper) $wrapperDir/$i
+    echo -n $program > $wrapperDir/$i.real
+    chown root.root $wrapperDir/$i
+    chmod 4755 $wrapperDir/$i
+done
+
+
 # Set the host name.
 hostname @hostName@

--- a/boot/boot-stage-2.nix
+++ b/boot/boot-stage-2.nix
@ -1,5 +1,5 @@
 { genericSubstituter, buildEnv, shell, coreutils, findutils
-, utillinux, kernel, udev, upstart
+, utillinux, kernel, udev, upstart, setuidWrapper
 , path ? []

 , # Whether the root device is root only.  If so, we'll mount a
@ -20,6 +20,7 @@ let
    utillinux
    udev
    upstart
+    setuidWrapper
  ];

 in
@ -40,6 +41,6 @@ genericSubstituter {
    pathsToLink = ["/bin" "/sbin" "/man/man1" "/share/man/man1"];
    ignoreCollisions = true;
  };
-  
-  extraPath = path;
+
+  wrapperDir = setuidWrapper.wrapperDir;
 }
--- a/configuration/boot-environment.nix
+++ b/configuration/boot-environment.nix
@ -179,11 +179,18 @@ rec {
  };


+  setuidWrapper = import ../helpers/setuid {
+    inherit (pkgs) stdenv;
+    wrapperDir = "/var/setuid-wrappers";
+  };
+
+
  # The init script of boot stage 2, which is supposed to do
  # everything else to bring up the system.
  bootStage2 = import ../boot/boot-stage-2.nix {
    inherit (pkgs) genericSubstituter buildEnv coreutils findutils
      utillinux kernel udev upstart;
+    inherit setuidWrapper;
    inherit upstartJobs;
    shell = pkgs.bash + "/bin/sh";

--- a/helpers/setuid/builder.sh
+++ b/helpers/setuid/builder.sh
@ -0,0 +1,5 @@
+source $stdenv/setup
+
+ensureDir $out/bin
+
+gcc -Wall -O2 -DWRAPPER_DIR=\"$wrapperDir\" $setuidWrapper -o $out/bin/setuid-wrapper
--- a/helpers/setuid/default.nix
+++ b/helpers/setuid/default.nix
@ -0,0 +1,8 @@
+{stdenv, wrapperDir}:
+
+stdenv.mkDerivation {
+  name = "setuid-wrapper";
+  builder = ./builder.sh;
+  setuidWrapper = ./setuid-wrapper.c;
+  inherit wrapperDir;
+}
--- a/helpers/setuid/setuid-wrapper.c
+++ b/helpers/setuid/setuid-wrapper.c
@ -9,7 +9,7 @@

 extern char **environ;

-static char * wrapperDir = "/home/root/nixos/helpers/setuid";
+static char * wrapperDir = WRAPPER_DIR;

 int main(int argc, char * * argv)
 {