[Nix-dev] setuid-wrappers
Yury G. Kudryashov
urkud+nix at ya.ru
Fri May 14 23:09:11 CEST 2010
Hi!
It seems that I found a nice way to fool packages about suid wrappers.
The problem: some packages hardcode paths to their $out/libexec/* suid
helpers.
My solution:
In post-install:
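    mv $out/libexec/helper $out/libexec/.helper.orig
    # The stub needs a shebang to be directly executable, and "$@" to pass arguments on
    printf '#!/bin/sh\nexec /var/setuid-wrappers/helper "$@"\n' > $out/libexec/helper
    chmod +x $out/libexec/helper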
Probably, we should use something like
"if [[ -x /var/setuid-wrappers/helper ]]; then exec it, else exec .helper.orig".
In NixOS module:
    setuidOwners = [ { source = "${package}/libexec/.helper.orig"; program = "helper"; ... } ];
Any comments?
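
The stub with the fallback suggested in the message, as an added example that is not part of the original post or of NixOS itself. The function name install_stub and its optional third argument (the wrapper directory, defaulting to /var/setuid-wrappers) are assumptions made so the sketch can be tried outside NixOS; paths are assumed not to contain quotes or dollar signs.

```sh
#!/bin/sh
# install_stub OUT NAME [WRAPPER_DIR]   (hypothetical helper, not NixOS code)
# Renames OUT/libexec/NAME to OUT/libexec/.NAME.orig and writes a stub in
# its place that prefers the setuid wrapper and falls back to the original.
install_stub() {
    out=$1
    name=$2
    wrapper_dir=${3:-/var/setuid-wrappers}
    helper=$out/libexec/$name
    orig=$out/libexec/.$name.orig

    [ -f "$helper" ] || { echo "no such helper: $helper" >&2; return 1; }
    # Refuse to run twice: a second run would move the stub over the
    # real binary and lose it.
    [ ! -e "$orig" ] || { echo "already wrapped: $orig" >&2; return 1; }

    mv "$helper" "$orig"
    # Paths are fixed when the stub is written; \$@ is left for the stub
    # to expand at run time so the caller's arguments are passed through.
    cat > "$helper" <<EOF
#!/bin/sh
if [ -x "$wrapper_dir/$name" ]; then
    exec "$wrapper_dir/$name" "\$@"
fi
exec "$orig" "\$@"
EOF
    chmod +x "$helper"
}
```

The fallback branch runs the renamed file as it sits in the package output, so it keeps the hardcoded path working where no wrapper has been installed but does not grant the helper any extra privilege.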