[Nix-dev] sudo-1.7.2 lost its setuid bit

Michael Raskin 7c6f434c at mail.ru
Wed Dec 2 10:49:23 CET 2009


Bill Trost wrote:
>  1) How did this happen? Is it peculiar to my configuration?

By design, files in the store never have the setuid bit. Rationale: the
store should not be modified after installation, and installation can be
invoked by a malicious user to install a package with known security
vulnerabilities.

>  2) How do I fix it? I tried uninstalling and reinstalling,
>  but that was insufficient because a user-environment and
>  env-manifest entries in the store point to sudo. I'm
>  leery of deleting those for fear of making a total mess.

In NixOS, there are setuid-wrappers that just call the unwrapped
counterparts. They are installed by root and refer to store paths built
from expressions mentioned by root.

In NixPkgs, there may be no ready solution.
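An audit of the invariant described in the reply above (store files never carry the setuid bit), as an added example that is not part of the original message or of the Nix project's code. It assumes the store lives at `/nix/store` unless a path is given, and it goes slightly beyond the message by also flagging setgid files.

```python
import os
import stat
import sys

# setuid is the bit the message discusses; setgid is included as a generalization.
SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID


def find_setid_files(root):
    """Return sorted (path, mode_string) pairs for regular files under
    `root` that carry the setuid or setgid bit."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # lstat: judge the entry itself, never a symlink's target.
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL_BITS:
                findings.append((path, stat.filemode(st.st_mode)))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default store location; pass another path as the first argument.
    store = sys.argv[1] if len(sys.argv) > 1 else "/nix/store"
    hits = find_setid_files(store)
    for path, mode in hits:
        print(f"{mode} {path}")
    # A non-zero exit status means the invariant is violated.
    sys.exit(1 if hits else 0)
```
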
