summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorng0 <ng0@n0.is>2019-10-23 21:51:46 +0000
committerng0 <ng0@n0.is>2019-10-23 21:51:46 +0000
commit4993eac25ce2737fc45aec08f21226f523405804 (patch)
treea32a054c36102aa712a17b9b27be14b72fa8557b
parent0c13e270c31ef2896d56eb3d53ac7a5714ea1e58 (diff)
remove never working setuid helper code from the build-system.
refer to the Changelog for a longer reason. In conclusion, this is what people expect, this is what Package Managers patch away for portability, and we can't use install(1) for this because it's not a portable tool.
-rw-r--r--ChangeLog11
-rw-r--r--README26
-rw-r--r--src/dns/Makefile.am17
-rwxr-xr-xsrc/dns/install-dns-helper.sh12
-rw-r--r--src/exit/Makefile.am13
-rwxr-xr-xsrc/exit/install-exit-helper.sh5
-rw-r--r--src/nat/Makefile.am18
-rwxr-xr-xsrc/nat/install-nat-helper.sh5
-rw-r--r--src/transport/Makefile.am20
-rwxr-xr-xsrc/transport/install-bluetooth-helper.sh5
-rwxr-xr-xsrc/transport/install-wlan-helper.sh5
-rw-r--r--src/vpn/Makefile.am13
-rwxr-xr-xsrc/vpn/install-vpn-helper.sh5
13 files changed, 37 insertions, 118 deletions
diff --git a/ChangeLog b/ChangeLog
index e835da236..8c24a7e5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+Wed Oct 23 00:00:00 UTC 2019
+ Remove setuid helpers. They never worked as intended. The
+ fixed version is not portable and the defacto good way to
+ handle this which is most portable is to let package managers
+ handle this (as they do right now, the good ones), and let
+ people handle this who read the documentation.
+ This commit removes what would be patched out by the majority
+ of package managers, which is setuid handling in Makefiles.
+ It is very likely that no one will notice this code is gone.
+ -ng0
+
Thu Oct 17 00:00:00 UTC 2019
Added support for doas, use it in some places conditionally
if sudo is not present. Fixed sudo detection. -ng0
diff --git a/README b/README
index 31ab18727..75dd75694 100644
--- a/README
+++ b/README
@@ -189,6 +189,32 @@ Recommended autotools for compiling the Git version are:
more details.
However, this leak is just a minor concern.
+Notes on setuid
+===============
+
+For a correct functionality depending on the host OS, you need
+to run the equivalent of these steps after installation:
+
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
+chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
+
+
Requirements
============
diff --git a/src/dns/Makefile.am b/src/dns/Makefile.am
index 1aea7f09a..d2598bd8a 100644
--- a/src/dns/Makefile.am
+++ b/src/dns/Makefile.am
@@ -14,25 +14,8 @@ plugindir = $(libdir)/gnunet
pkgcfg_DATA = \
dns.conf
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
if LINUX
HIJACKBIN = gnunet-helper-dns
-install-exec-hook:
- chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns
- chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
- chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
- chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
- chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
- chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-else
-install-exec-hook:
endif
lib_LTLIBRARIES = \
diff --git a/src/dns/install-dns-helper.sh b/src/dns/install-dns-helper.sh
deleted file mode 100755
index 14d5caa70..000000000
--- a/src/dns/install-dns-helper.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - gnunetdns group
-# $3 - sudo binary (optional)
-$3 chown root $1/gnunet-helper-dns
-$3 chgrp $2 $1/gnunet-helper-dns
-$3 chmod 4750 $1/gnunet-helper-dns
-# In case user 'gnunet' does not exist, at least set the group
-$3 chgrp $2 $1/gnunet-service-dns
-# Usually we want both...
-$3 chown gnunet:$2 $1/gnunet-service-dns
-$3 chmod 2750 $1/gnunet-service-dns
diff --git a/src/exit/Makefile.am b/src/exit/Makefile.am
index c45354256..c0323d0d6 100644
--- a/src/exit/Makefile.am
+++ b/src/exit/Makefile.am
@@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet
dist_pkgcfg_DATA = \
exit.conf
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
if LINUX
EXITBIN = gnunet-helper-exit
-install-exec-hook:
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit
-else
-install-exec-hook:
endif
diff --git a/src/exit/install-exit-helper.sh b/src/exit/install-exit-helper.sh
deleted file mode 100755
index d9ae14106..000000000
--- a/src/exit/install-exit-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-exit || true
-$2 chmod u+s $1/gnunet-helper-exit || true
diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am
index 2c04741da..67f5e4dbc 100644
--- a/src/nat/Makefile.am
+++ b/src/nat/Makefile.am
@@ -8,33 +8,15 @@ pkgcfgdir= $(pkgdatadir)/config.d/
pkgcfg_DATA = \
nat.conf
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
if LINUX
NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
NATSERVER = gnunet-helper-nat-server.c
NATCLIENT = gnunet-helper-nat-client.c
-install-exec-hook:
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
else
if XFREEBSD
NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
NATSERVER = gnunet-helper-nat-server.c
NATCLIENT = gnunet-helper-nat-client.c
-install-exec-hook:
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
endif
else
install-exec-hook:
diff --git a/src/nat/install-nat-helper.sh b/src/nat/install-nat-helper.sh
deleted file mode 100755
index d5ee91fa3..000000000
--- a/src/nat/install-nat-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true
-$2 chmod u+s $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index b690fa345..8221b7847 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -93,26 +93,6 @@ if LINUX
test_quota_compliance_wlan_asymmetric
endif
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
-if LINUX
-install-exec-hook:
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
-if HAVE_LIBBLUETOOTH
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
-endif
-else
-install-exec-hook:
-endif
-
if LINUX
if HAVE_LIBBLUETOOTH
BT_BIN = gnunet-helper-transport-bluetooth
diff --git a/src/transport/install-bluetooth-helper.sh b/src/transport/install-bluetooth-helper.sh
deleted file mode 100755
index 5c40250fa..000000000
--- a/src/transport/install-bluetooth-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-transport-bluetooth || true
-$2 chmod u+s $1/gnunet-helper-transport-bluetooth || true
diff --git a/src/transport/install-wlan-helper.sh b/src/transport/install-wlan-helper.sh
deleted file mode 100755
index 0fa9c9806..000000000
--- a/src/transport/install-wlan-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-transport-wlan || true
-$2 chmod u+s $1/gnunet-helper-transport-wlan || true
diff --git a/src/vpn/Makefile.am b/src/vpn/Makefile.am
index 9992fa5ed..407d8ba92 100644
--- a/src/vpn/Makefile.am
+++ b/src/vpn/Makefile.am
@@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet
pkgcfg_DATA = \
vpn.conf
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
if LINUX
VPNBIN = gnunet-helper-vpn
-install-exec-hook:
- chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
- chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
-else
-install-exec-hook:
endif
diff --git a/src/vpn/install-vpn-helper.sh b/src/vpn/install-vpn-helper.sh
deleted file mode 100755
index 086dabb67..000000000
--- a/src/vpn/install-vpn-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-vpn || true
-$2 chmod u+s $1/gnunet-helper-vpn || true