From 4993eac25ce2737fc45aec08f21226f523405804 Mon Sep 17 00:00:00 2001 From: ng0 Date: Wed, 23 Oct 2019 21:51:46 +0000 Subject: remove never working setuid helper code from the build-system. refer to the Changelog for a longer reason. In conclusion, this is what people expect, this is what Package Managers patch away for portability, and we can't use install(1) for this because it's not a portable tool. --- ChangeLog | 11 +++++++++++ README | 26 ++++++++++++++++++++++++++ src/dns/Makefile.am | 17 ----------------- src/dns/install-dns-helper.sh | 12 ------------ src/exit/Makefile.am | 13 ------------- src/exit/install-exit-helper.sh | 5 ----- src/nat/Makefile.am | 18 ------------------ src/nat/install-nat-helper.sh | 5 ----- src/transport/Makefile.am | 20 -------------------- src/transport/install-bluetooth-helper.sh | 5 ----- src/transport/install-wlan-helper.sh | 5 ----- src/vpn/Makefile.am | 13 ------------- src/vpn/install-vpn-helper.sh | 5 ----- 13 files changed, 37 insertions(+), 118 deletions(-) delete mode 100755 src/dns/install-dns-helper.sh delete mode 100755 src/exit/install-exit-helper.sh delete mode 100755 src/nat/install-nat-helper.sh delete mode 100755 src/transport/install-bluetooth-helper.sh delete mode 100755 src/transport/install-wlan-helper.sh delete mode 100755 src/vpn/install-vpn-helper.sh diff --git a/ChangeLog b/ChangeLog index e835da236..8c24a7e5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +Wed Oct 23 00:00:00 UTC 2019 + Remove setuid helpers. They never worked as intended. The + fixed version is not portable and the defacto good way to + handle this which is most portable is to let package managers + handle this (as they do right now, the good ones), and let + people handle this who read the documentation. + This commit removes what would be patched out by the majority + of package managers, which is setuid handling in Makefiles. + It is very likely that no one will notice this code is gone. + -ng0 + Thu Oct 17 00:00:00 UTC 2019 Added support for doas, use it in some places conditionally if sudo is not present. Fixed sudo detection. -ng0 diff --git a/README b/README index 31ab18727..75dd75694 100644 --- a/README +++ b/README @@ -189,6 +189,32 @@ Recommended autotools for compiling the Git version are: more details. However, this leak is just a minor concern. +Notes on setuid +=============== + +For a correct functionality depending on the host OS, you need +to run the equivalent of these steps after installation: + +chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn +chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn +chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan +chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan +chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth +chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth +chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns +chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns +chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns +chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns +chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns +chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns +chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit +chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit +chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server +chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client +chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server +chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client + + Requirements ============ diff --git a/src/dns/Makefile.am b/src/dns/Makefile.am index 1aea7f09a..d2598bd8a 100644 --- a/src/dns/Makefile.am +++ b/src/dns/Makefile.am @@ -14,25 +14,8 @@ plugindir = $(libdir)/gnunet pkgcfg_DATA = \ dns.conf -if HAVE_SUDO -SUDO_OR_DOAS_BINARY= $(SUDO_BINARY) -else -if HAVE_DOAS_BINARY -SUDO_OR_DOAS_BINARY= $(DOAS_BINARY) -endif -endif - if LINUX HIJACKBIN = gnunet-helper-dns -install-exec-hook: - chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns - chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns - chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns - chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns - chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns - chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns -else -install-exec-hook: endif lib_LTLIBRARIES = \ diff --git a/src/dns/install-dns-helper.sh b/src/dns/install-dns-helper.sh deleted file mode 100755 index 14d5caa70..000000000 --- a/src/dns/install-dns-helper.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -# $1 - bindir -# $2 - gnunetdns group -# $3 - sudo binary (optional) -$3 chown root $1/gnunet-helper-dns -$3 chgrp $2 $1/gnunet-helper-dns -$3 chmod 4750 $1/gnunet-helper-dns -# In case user 'gnunet' does not exist, at least set the group -$3 chgrp $2 $1/gnunet-service-dns -# Usually we want both... -$3 chown gnunet:$2 $1/gnunet-service-dns -$3 chmod 2750 $1/gnunet-service-dns diff --git a/src/exit/Makefile.am b/src/exit/Makefile.am index c45354256..c0323d0d6 100644 --- a/src/exit/Makefile.am +++ b/src/exit/Makefile.am @@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet dist_pkgcfg_DATA = \ exit.conf -if HAVE_SUDO -SUDO_OR_DOAS_BINARY= $(SUDO_BINARY) -else -if HAVE_DOAS_BINARY -SUDO_OR_DOAS_BINARY= $(DOAS_BINARY) -endif -endif - if LINUX EXITBIN = gnunet-helper-exit -install-exec-hook: - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit -else -install-exec-hook: endif diff --git a/src/exit/install-exit-helper.sh b/src/exit/install-exit-helper.sh deleted file mode 100755 index d9ae14106..000000000 --- a/src/exit/install-exit-helper.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# $1 - bindir -# $2 - sudo binary (optional) -$2 chown root:root $1/gnunet-helper-exit || true -$2 chmod u+s $1/gnunet-helper-exit || true diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am index 2c04741da..67f5e4dbc 100644 --- a/src/nat/Makefile.am +++ b/src/nat/Makefile.am @@ -8,33 +8,15 @@ pkgcfgdir= $(pkgdatadir)/config.d/ pkgcfg_DATA = \ nat.conf -if HAVE_SUDO -SUDO_OR_DOAS_BINARY= $(SUDO_BINARY) -else -if HAVE_DOAS_BINARY -SUDO_OR_DOAS_BINARY= $(DOAS_BINARY) -endif -endif - if LINUX NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client NATSERVER = gnunet-helper-nat-server.c NATCLIENT = gnunet-helper-nat-client.c -install-exec-hook: - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client else if XFREEBSD NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client NATSERVER = gnunet-helper-nat-server.c NATCLIENT = gnunet-helper-nat-client.c -install-exec-hook: - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client endif else install-exec-hook: diff --git a/src/nat/install-nat-helper.sh b/src/nat/install-nat-helper.sh deleted file mode 100755 index d5ee91fa3..000000000 --- a/src/nat/install-nat-helper.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# $1 - bindir -# $2 - sudo binary (optional) -$2 chown root:root $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true -$2 chmod u+s $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am index b690fa345..8221b7847 100644 --- a/src/transport/Makefile.am +++ b/src/transport/Makefile.am @@ -93,26 +93,6 @@ if LINUX test_quota_compliance_wlan_asymmetric endif -if HAVE_SUDO -SUDO_OR_DOAS_BINARY= $(SUDO_BINARY) -else -if HAVE_DOAS_BINARY -SUDO_OR_DOAS_BINARY= $(DOAS_BINARY) -endif -endif - -if LINUX -install-exec-hook: - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan -if HAVE_LIBBLUETOOTH - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth -endif -else -install-exec-hook: -endif - if LINUX if HAVE_LIBBLUETOOTH BT_BIN = gnunet-helper-transport-bluetooth diff --git a/src/transport/install-bluetooth-helper.sh b/src/transport/install-bluetooth-helper.sh deleted file mode 100755 index 5c40250fa..000000000 --- a/src/transport/install-bluetooth-helper.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# $1 - bindir -# $2 - sudo binary (optional) -$2 chown root:root $1/gnunet-helper-transport-bluetooth || true -$2 chmod u+s $1/gnunet-helper-transport-bluetooth || true diff --git a/src/transport/install-wlan-helper.sh b/src/transport/install-wlan-helper.sh deleted file mode 100755 index 0fa9c9806..000000000 --- a/src/transport/install-wlan-helper.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# $1 - bindir -# $2 - sudo binary (optional) -$2 chown root:root $1/gnunet-helper-transport-wlan || true -$2 chmod u+s $1/gnunet-helper-transport-wlan || true diff --git a/src/vpn/Makefile.am b/src/vpn/Makefile.am index 9992fa5ed..407d8ba92 100644 --- a/src/vpn/Makefile.am +++ b/src/vpn/Makefile.am @@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet pkgcfg_DATA = \ vpn.conf -if HAVE_SUDO -SUDO_OR_DOAS_BINARY= $(SUDO_BINARY) -else -if HAVE_DOAS_BINARY -SUDO_OR_DOAS_BINARY= $(DOAS_BINARY) -endif -endif - if LINUX VPNBIN = gnunet-helper-vpn -install-exec-hook: - chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn - chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn -else -install-exec-hook: endif diff --git a/src/vpn/install-vpn-helper.sh b/src/vpn/install-vpn-helper.sh deleted file mode 100755 index 086dabb67..000000000 --- a/src/vpn/install-vpn-helper.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# $1 - bindir -# $2 - sudo binary (optional) -$2 chown root:root $1/gnunet-helper-vpn || true -$2 chmod u+s $1/gnunet-helper-vpn || true -- cgit v1.2.3