diff --git a/config/base.toml b/config/base.toml index d51f3ecf33..cd7e57c69e 100644 --- a/config/base.toml +++ b/config/base.toml @@ -310,7 +310,6 @@ gid = 0 shell = "/usr/bin/zsh" [users.user] -# Password is unset password = "" shell = "/usr/bin/zsh" diff --git a/config/redbear-mini.toml b/config/redbear-mini.toml index 2eab72c592..b59407a038 100644 --- a/config/redbear-mini.toml +++ b/config/redbear-mini.toml @@ -145,28 +145,29 @@ type = "oneshot_async" [[files]] path = "/etc/issue" data = """ -########## Red Bear OS ######### -# Login with the following: # -# `user` # -# `root`:`password` # -################################ + ____ _ ____ ___ ____ +| _ \\ ___ __| | __ ) ___ __ _ _ __ / _ \\/ ___| +| |_) / _ \\ / _` | _ \\ / _ \\/ _` | '__| | | | \\___ \\ +| _ < __/ (_| | |_) | __/ (_| | | | |_| |___) | +|_| \\_\\___|\\__,_|____/ \\___|\\__,_|_| \\___/|____/ + + v0.2.2 "Liliya" + + Login as `user` (no password) + """ [[files]] path = "/etc/motd" data = """ - - _ _ - | | (_) - | | ___ _ ___ _ __ _ _ ___ - | |/ / || |/ _ \\ | '_ \\| | | / __| - | < | || | (_) || |_) | |_| \\__ \\ - |_|\\_\\|_|/ |\\___/ | .__/ \\__,_|___/ - |__/ | | - |_| + ____ _ ____ ___ ____ +| _ \\ ___ __| | __ ) ___ __ _ _ __ / _ \\/ ___| +| |_) / _ \\ / _` | _ \\ / _ \\/ _` | '__| | | | \\___ \\ +| _ < __/ (_| | |_) | __/ (_| | | | |_| |___) | +|_| \\_\\___|\\__,_|____/ \\___|\\__,_|_| \\___/|____/ + + v0.2.2 "Liliya" · Built on Redox OS - Red Bear OS v0.2.0 "Liliya" — Built on Redox OS - Type 'help' for available commands. """ [[files]] diff --git a/local/patches/userutils/P6-login-privilege-drop.patch b/local/patches/userutils/P6-login-privilege-drop.patch new file mode 100644 index 0000000000..70906c4576 --- /dev/null +++ b/local/patches/userutils/P6-login-privilege-drop.patch 
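Review bot: In `config/redbear-mini.toml` the new `/etc/issue` text drops the `root`:`password` hint, but nothing in this diff changes root's credential, so if that default is still set it is now undocumented rather than removed; root's user entry is outside these hunks and should be checked. The banner is shown before authentication and now places the exact release (`v0.2.2`) next to the statement that `user` has no password, which is fine for a local demo image but presumably not for one reachable over a network or serial console. The `config/base.toml` hunk also removes `# Password is unset`, the only marker that `password = ""` is deliberate; I would keep a comment such as `# Intentionally empty: passwordless demo account`.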
@@ -0,0 +1,56 @@
+diff --git a/src/bin/login.rs b/src/bin/login.rs
+index 022fb47..a2807b2 100644
+--- a/src/bin/login.rs
++++ b/src/bin/login.rs
+@@ -13,0 +14,3 @@ use userutils::spawn_shell;
++#[cfg(target_os = "redox")]
++use redox_rt::sys::{posix_setresugid, Resugid};
++
+@@ -38 +41 @@ const MOTD_FILE: &'static str = "/etc/motd";
+-const DEFAULT_SCHEMES: [&'static str; 26] = [
++const DEFAULT_SCHEMES: [&'static str; 29] = [
+@@ -65 +68,2 @@ const DEFAULT_SCHEMES: [&'static str; 26] = [
+- // Display schemes
++ // Display schemes (DRM/KMS path for GPU drivers)
++ "drm",
+@@ -67,0 +72,2 @@ const DEFAULT_SCHEMES: [&'static str; 26] = [
++ // Input schemes
++ "input",
+@@ -92,0 +99,17 @@ pub fn apply_login_schemes(
++#[cfg(target_os = "redox")]
++fn drop_privileges(user: &User) -> Result<()> {
++ posix_setresugid(&Resugid {
++ ruid: Some(user.uid),
++ euid: Some(user.uid),
++ suid: Some(user.uid),
++ rgid: Some(user.gid),
++ egid: Some(user.gid),
++ sgid: Some(user.gid),
++ })
++}
++
++#[cfg(not(target_os = "redox"))]
++fn drop_privileges(_user: &User) -> Result<()> {
++ Ok(())
++}
++
+@@ -177,0 +201,2 @@ pub fn main() {
++
++ drop_privileges(user).unwrap_or_exit(1);
+@@ -200,0 +226,10 @@ pub fn main() {
++ let before_ns_fd =
++ apply_login_schemes(user, &DEFAULT_SCHEMES).unwrap_or_exit(1);
++
++ let _ = syscall::fcntl(
++ before_ns_fd.raw(),
++ syscall::F_SETFD,
++ syscall::O_CLOEXEC,
++ );
++
++ drop_privileges(user).unwrap_or_exit(1);
+@@ -201,0 +237,5 @@ pub fn main() {
++ let _ = syscall::fcntl(before_ns_fd.raw(), syscall::F_SETFD, 0);
++ let _ = libredox::call::close(
++ libredox::call::setns(before_ns_fd.into_raw())
++ .unwrap_or_exit(1),
++ );
diff --git a/recipes/core/base/init.d/00_sudo.service b/recipes/core/base/init.d/00_sudo.service
deleted file mode 100644
index e9d50ea606..0000000000
--- a/recipes/core/base/init.d/00_sudo.service
+++ /dev/null
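Review bot: The two `let _ = syscall::fcntl(...)` calls on `before_ns_fd` discard their results, so if setting `O_CLOEXEC` fails, the descriptor for the pre-login namespace appears to stay inheritable by whatever runs between the `+226` and `+237` hunks (that code is outside the patch), which would undo the restriction from `apply_login_schemes`. That failure should be fatal like the neighbouring calls, e.g. `syscall::fcntl(before_ns_fd.raw(), syscall::F_SETFD, syscall::O_CLOEXEC).unwrap_or_exit(1);`, assuming `unwrap_or_exit` covers that error type. The `#[cfg(not(target_os = "redox"))]` version of `drop_privileges` returns `Ok(())` without changing identity, so a non-Redox build reports a drop that never happened; returning an error there would fail closed. `DEFAULT_SCHEMES` grows from 26 to 29 while the visible hunks add only `"drm"` and `"input"`, so unless a third entry comes from outside this patch the declared length will not match the initializer. Adding `input` and `drm` to every login's default schemes widens what each session can reach, so a comment at those entries stating why every user needs them would help.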
@@ -1,7 +0,0 @@ -[unit] -description = "Sudo background handler" - -[service] -cmd = "sudo" -args = ["--daemon"] -type = "oneshot_async" diff --git a/recipes/core/base/init.d/12_sudo.service b/recipes/core/base/init.d/12_sudo.service new file mode 100644 index 0000000000..2abaf3a408 --- /dev/null +++ b/recipes/core/base/init.d/12_sudo.service @@ -0,0 +1,7 @@ +[unit] +description = "Sudo privilege escalation daemon" + +[service] +cmd = "sudo" +args = ["--daemon"] +type = "daemon" diff --git a/recipes/core/base/recipe.toml b/recipes/core/base/recipe.toml index 49beb3bf17..0a107f3869 100644 --- a/recipes/core/base/recipe.toml +++ b/recipes/core/base/recipe.toml @@ -63,7 +63,7 @@ installs = [ "/usr/lib/init.d/00_ipcd.service", "/usr/lib/init.d/00_pcid-spawner.service", "/usr/lib/init.d/00_ptyd.service", - "/usr/lib/init.d/00_sudo.service", + "/usr/lib/init.d/12_sudo.service", "/usr/lib/init.d/00_tmp", "/usr/lib/init.d/05_boot_essential.target", "/usr/lib/init.d/10_dhcpd.service", diff --git a/recipes/core/userutils/recipe.toml b/recipes/core/userutils/recipe.toml index 1dd0dd1acf..1b50ba7d31 100644 --- a/recipes/core/userutils/recipe.toml +++ b/recipes/core/userutils/recipe.toml @@ -1,6 +1,6 @@ [source] git = "https://gitlab.redox-os.org/redox-os/userutils.git" -patches = ["P5-redbear-branding.patch"] +patches = ["P5-redbear-branding.patch", "P6-login-privilege-drop.patch"] [build] template = "custom" diff --git a/recipes/core/userutils/source b/recipes/core/userutils/source index 0c5274faa9..9c37ba8c19 160000 --- a/recipes/core/userutils/source +++ b/recipes/core/userutils/source @@ -1 +1 @@ -Subproject commit 0c5274faa9a027d8594198bef8b344c11af9bc9d +Subproject commit 9c37ba8c1972466d63105b2f46aa22d5bea6079d
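Review bot: In the `recipes/core/userutils/recipe.toml` hunk, the newly listed `P6-login-privilege-drop.patch` has zero context lines (`@@ -13,0 +14,3 @@`, `@@ -177,0 +201,2 @@`, `@@ -200,0 +226,10 @@`), so its `drop_privileges` calls are positioned in `main()` by line number alone. The same commit also moves the `recipes/core/userutils/source` submodule pointer, so the base the patch lands on changes here too. If the fetched `login.rs` ever differs from the tree the patch was cut against, the hunks may, depending on the tool that applies them, either be rejected or land on the wrong lines without an error. I would regenerate the patch with the default three lines of context, so that drift makes the build fail rather than misplace a security-relevant call.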