New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can we make "mtr" use a setuid wrapper? #6034

Closed
ctheune opened this Issue Jan 28, 2015 · 5 comments

Comments

Projects
None yet
5 participants
@ctheune
Copy link
Contributor

ctheune commented Jan 28, 2015

I guess the change would basically mean:

security.setuidPrograms = [ "mtr" ];

Is there anything speaking against this?

@wkennington

This comment has been minimized.

Copy link
Contributor

wkennington commented Jan 28, 2015

I'd prefer to leave as few setuid binaries as possible on the system and
let individuals enable setuid for things like MTR.
On Jan 28, 2015 12:01 PM, "Christian Theune" notifications@github.com
wrote:

I guess the change would basically mean:

security.setuidPrograms = [ "mtr" ];

Is there anything speaking against this?


Reply to this email directly or view it on GitHub
#6034.

@ctheune

This comment has been minimized.

Copy link
Contributor Author

ctheune commented Jan 28, 2015

Your answer tells me there's an option for me to make it setuid that I'm not aware of a way to customize this per installation.

I'm currently using nix / nixpkgs on OS X. I saw the helper code but I'm not good enough yet to infer how to apply this for an installation I did via 'nix-env -i mtr'. Mind pointing me in the right direction for individually enabling setuid?

@wkennington

This comment has been minimized.

Copy link
Contributor

wkennington commented Jan 28, 2015

As far as I am aware setuid is only something that can be done in NixOS by
creating wrappers in /var/setuid-wrappers using the setting you were
talking about in your previous message.
On Jan 28, 2015 1:21 PM, "Christian Theune" notifications@github.com
wrote:

Your answer tells me there's an option for me to make it setuid that I'm
not aware of a way to customize this per installation.

I'm currently using nix / nixpkgs on OS X. I saw the helper code but I'm
not good enough yet to infer how to apply this for an installation I did
via 'nix-env -i mtr'. Mind pointing me in the right direction for
individually enabling setuid?


Reply to this email directly or view it on GitHub
#6034 (comment).

@domenkozar

This comment has been minimized.

Copy link
Member

domenkozar commented Jan 28, 2015

You could refactor nixos/modules/security/setuid-wrappers.nix to get that support outside of NixOS, but the wrappers would have to be stored outside /nix/store

@volth

This comment has been minimized.

Copy link
Contributor

volth commented Dec 23, 2016

mtr does not required setuid to work, CAP_NET_RAW capability should be enough: https://lists.opensuse.org/opensuse-packaging/2014-01/msg00125.html

related #6768

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment