Commit graph

10 commits

Author SHA1 Message Date
Eelco Dolstra
8d09b9066c * Purity: don't access /etc/modules.conf.
svn path=/nixos/trunk/; revision=7467
2006-12-22 23:51:18 +00:00
Eelco Dolstra
87e2456814 * Use getenv/useradd.
svn path=/nixos/trunk/; revision=7382
2006-12-18 15:48:29 +00:00
Eelco Dolstra
3e7f4280df * activate-configuration.sh: make sure that we're running on a NixOS
installation to prevent horrible accidents.
* Add the kernel parameters to isolinux.cfg.
* Use useradd/groupadd to create users/groups; use Glibc's getent to
  check for existence.
* Create the root account properly.

svn path=/nixos/trunk/; revision=7357
2006-12-16 21:48:12 +00:00
Eelco Dolstra
f049c35a86 * More semi-purification of /etc.
svn path=/nixos/trunk/; revision=7290
2006-12-09 02:51:42 +00:00
Eelco Dolstra
ec764b7c08 * Helper script to check for and create accounts.
svn path=/nixos/trunk/; revision=7171
2006-11-29 23:10:22 +00:00
Eelco Dolstra
a66bae7b2f * Strip.
svn path=/nixos/trunk/; revision=7164
2006-11-28 17:40:56 +00:00
Eelco Dolstra
39ac293b58 * Create setuid wrappers for a few programs (su and passwd). This is
still a bit ad hoc, but it works.

svn path=/nixos/trunk/; revision=7163
2006-11-28 17:34:27 +00:00
Eelco Dolstra
cba92bbdf1 * First step towards setuid/setgid support: a setuid/setgid wrapper
program.

  The Nix store cannot directly support setuid binaries for a number
  of reasons:

  - Builds are generally not performed as root (and they shouldn't
    be), so the builder cannot chown/chmod executables to the right
    setuid ownership.

  - Unpacking a NAR archive containing a setuid binary would only work
    when Nix is run as root.

  - Worst of all, setuid binaries don't fit in the purely functional
    model: if a security bug is discovered in a setuid binary, that
    binary should be removed from the system to prevent users from
    calling it.  But we cannot garbage collect it unless all
    references to it are gone, which might never happen.  Of course,
    we could just remove setuid permission, but that would also be
    impure.

  So the solution is to keep setuid-ness out of the Nix store.
  Rather, for programs that we want to execute as setuid, we generate
  wrapper programs (as root) that are setuid and do an execve() to
  call the real, non-setuid program in the Nix store.

  That's what setuid-wrapper does.  It determines its own name (e.g.,
  /var/setuid-wrappers/passwd), reads the name of the wrapped program
  from <self>.real (e.g., /var/setuid-wrappers/passwd.real, which
  might contain /nix/var/nix/profiles/system/bin/passwd), and executes
  it.  Thus, the non-setuid passwd in the Nix store would be executed
  with the effective user set to root.

  Setuid-wrapper also performs a few security checks to prevent it
  from reading a fake <self>.real file through hard-linking tricks.

svn path=/nixos/trunk/; revision=7157
2006-11-28 13:36:27 +00:00
Eelco Dolstra
5c89e891df * Refactoring.
svn path=/nixos/trunk/; revision=7156
2006-11-28 10:45:21 +00:00
Eelco Dolstra
0817c307dc * Moving stuff around.
svn path=/nixos/trunk/; revision=7155
2006-11-27 19:49:05 +00:00