gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnunet] branch master updated: remove never working setuid


From: gnunet
Subject: [GNUnet-SVN] [gnunet] branch master updated: remove never working setuid helper code from the build-system. refer to the Changelog for a longer reason. In conclusion, this is what people expect, this is what Package Managers patch away for portability, and we can't use install(1) for this because it's not a portable tool.
Date: Wed, 23 Oct 2019 23:56:12 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 4993eac25 remove never working setuid helper code from the 
build-system. refer to the Changelog for a longer reason. In conclusion, this 
is what people expect, this is what Package Managers patch away for 
portability, and we can't use install(1) for this because it's not a portable 
tool.
4993eac25 is described below

commit 4993eac25ce2737fc45aec08f21226f523405804
Author: ng0 <address@hidden>
AuthorDate: Wed Oct 23 21:51:46 2019 +0000

    remove never working setuid helper code from the build-system.
    refer to the Changelog for a longer reason. In conclusion, this
    is what people expect, this is what Package Managers patch away
    for portability, and we can't use install(1) for this because
    it's not a portable tool.
---
 ChangeLog                                 | 11 +++++++++++
 README                                    | 26 ++++++++++++++++++++++++++
 src/dns/Makefile.am                       | 17 -----------------
 src/dns/install-dns-helper.sh             | 12 ------------
 src/exit/Makefile.am                      | 13 -------------
 src/exit/install-exit-helper.sh           |  5 -----
 src/nat/Makefile.am                       | 18 ------------------
 src/nat/install-nat-helper.sh             |  5 -----
 src/transport/Makefile.am                 | 20 --------------------
 src/transport/install-bluetooth-helper.sh |  5 -----
 src/transport/install-wlan-helper.sh      |  5 -----
 src/vpn/Makefile.am                       | 13 -------------
 src/vpn/install-vpn-helper.sh             |  5 -----
 13 files changed, 37 insertions(+), 118 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e835da236..8c24a7e5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+Wed Oct 23 00:00:00 UTC 2019
+  Remove setuid helpers. They never worked as intended. The
+  fixed version is not portable and the defacto good way to
+  handle this which is most portable is to let package managers
+  handle this (as they do right now, the good ones), and let
+  people handle this who read the documentation.
+  This commit removes what would be patched out by the majority
+  of package managers, which is setuid handling in Makefiles.
+  It is very likely that no one will notice this code is gone.
+  -ng0
+
 Thu Oct 17 00:00:00 UTC 2019
   Added support for doas, use it in some places conditionally
   if sudo is not present. Fixed sudo detection. -ng0
diff --git a/README b/README
index 31ab18727..75dd75694 100644
--- a/README
+++ b/README
@@ -189,6 +189,32 @@ Recommended autotools for compiling the Git version are:
      more details.
      However, this leak is just a minor concern.
 
+Notes on setuid
+===============
+
+For a correct functionality depending on the host OS, you need
+to run the equivalent of these steps after installation:
+
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
+chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
+
+
 Requirements
 ============
 
diff --git a/src/dns/Makefile.am b/src/dns/Makefile.am
index 1aea7f09a..d2598bd8a 100644
--- a/src/dns/Makefile.am
+++ b/src/dns/Makefile.am
@@ -14,25 +14,8 @@ plugindir = $(libdir)/gnunet
 pkgcfg_DATA = \
   dns.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
 HIJACKBIN = gnunet-helper-dns
-install-exec-hook:
-       chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chown gnunet:$(GNUNETDNS_GROUP) 
$(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-else
-install-exec-hook:
 endif
 
 lib_LTLIBRARIES = \
diff --git a/src/dns/install-dns-helper.sh b/src/dns/install-dns-helper.sh
deleted file mode 100755
index 14d5caa70..000000000
--- a/src/dns/install-dns-helper.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - gnunetdns group
-# $3 - sudo binary (optional)
-$3 chown root $1/gnunet-helper-dns
-$3 chgrp $2 $1/gnunet-helper-dns
-$3 chmod 4750 $1/gnunet-helper-dns
-# In case user 'gnunet' does not exist, at least set the group
-$3 chgrp $2 $1/gnunet-service-dns
-# Usually we want both...
-$3 chown gnunet:$2 $1/gnunet-service-dns
-$3 chmod 2750 $1/gnunet-service-dns
diff --git a/src/exit/Makefile.am b/src/exit/Makefile.am
index c45354256..c0323d0d6 100644
--- a/src/exit/Makefile.am
+++ b/src/exit/Makefile.am
@@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet
 dist_pkgcfg_DATA = \
   exit.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
 EXITBIN = gnunet-helper-exit
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit
-else
-install-exec-hook:
 endif
 
 
diff --git a/src/exit/install-exit-helper.sh b/src/exit/install-exit-helper.sh
deleted file mode 100755
index d9ae14106..000000000
--- a/src/exit/install-exit-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-exit || true
-$2 chmod u+s $1/gnunet-helper-exit || true
diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am
index 2c04741da..67f5e4dbc 100644
--- a/src/nat/Makefile.am
+++ b/src/nat/Makefile.am
@@ -8,33 +8,15 @@ pkgcfgdir= $(pkgdatadir)/config.d/
 pkgcfg_DATA = \
   nat.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
   NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
   NATSERVER = gnunet-helper-nat-server.c
   NATCLIENT = gnunet-helper-nat-client.c
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
 else
 if XFREEBSD
   NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
   NATSERVER = gnunet-helper-nat-server.c
   NATCLIENT = gnunet-helper-nat-client.c
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
 endif
 else
 install-exec-hook:
diff --git a/src/nat/install-nat-helper.sh b/src/nat/install-nat-helper.sh
deleted file mode 100755
index d5ee91fa3..000000000
--- a/src/nat/install-nat-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || 
true
-$2 chmod u+s $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index b690fa345..8221b7847 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -93,26 +93,6 @@ if LINUX
                test_quota_compliance_wlan_asymmetric
 endif
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
-if LINUX
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
-if HAVE_LIBBLUETOOTH
-       chown root:root 
$(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
-endif
-else
-install-exec-hook:
-endif
-
 if LINUX
 if HAVE_LIBBLUETOOTH
  BT_BIN = gnunet-helper-transport-bluetooth
diff --git a/src/transport/install-bluetooth-helper.sh 
b/src/transport/install-bluetooth-helper.sh
deleted file mode 100755
index 5c40250fa..000000000
--- a/src/transport/install-bluetooth-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-transport-bluetooth || true
-$2 chmod u+s $1/gnunet-helper-transport-bluetooth || true
diff --git a/src/transport/install-wlan-helper.sh 
b/src/transport/install-wlan-helper.sh
deleted file mode 100755
index 0fa9c9806..000000000
--- a/src/transport/install-wlan-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-transport-wlan || true
-$2 chmod u+s $1/gnunet-helper-transport-wlan || true
diff --git a/src/vpn/Makefile.am b/src/vpn/Makefile.am
index 9992fa5ed..407d8ba92 100644
--- a/src/vpn/Makefile.am
+++ b/src/vpn/Makefile.am
@@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet
 pkgcfg_DATA = \
   vpn.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
 VPNBIN = gnunet-helper-vpn
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
-else
-install-exec-hook:
 endif
 
 
diff --git a/src/vpn/install-vpn-helper.sh b/src/vpn/install-vpn-helper.sh
deleted file mode 100755
index 086dabb67..000000000
--- a/src/vpn/install-vpn-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-vpn || true
-$2 chmod u+s $1/gnunet-helper-vpn || true

-- 
To stop receiving notification emails like this one, please contact
address@hidden.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]