remove never working setuid helper code from the build-system.

refer to the Changelog for a longer reason. In conclusion, this
is what people expect, this is what Package Managers patch away
for portability, and we can't use install(1) for this because
it's not a portable tool.

diff --git a/ChangeLog b/ChangeLog
index e835da2362498475a324b2b79922e39d109a1d6f..8c24a7e5ffbca633dd91df61a287417e45bf6887 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+Wed Oct 23 00:00:00 UTC 2019
+  Remove setuid helpers. They never worked as intended. The
+  fixed version is not portable and the defacto good way to
+  handle this which is most portable is to let package managers
+  handle this (as they do right now, the good ones), and let
+  people handle this who read the documentation.
+  This commit removes what would be patched out by the majority
+  of package managers, which is setuid handling in Makefiles.
+  It is very likely that no one will notice this code is gone.
+  -ng0
+
 Thu Oct 17 00:00:00 UTC 2019
   Added support for doas, use it in some places conditionally
   if sudo is not present. Fixed sudo detection. -ng0

diff --git a/README b/README
index 31ab1872717fba93f583c03f0df283ce99f2ab65..75dd75694e19100f1b455dcd5f605cb8313d0ff2 100644 (file)
--- a/README
+++ b/README
@@ -189,6 +189,32 @@ Recommended autotools for compiling the Git version are:
      more details.
      However, this leak is just a minor concern.
 
+Notes on setuid
+===============
+
+For a correct functionality depending on the host OS, you need
+to run the equivalent of these steps after installation:
+
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
+chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
+chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
+chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
+
+
 Requirements
 ============
 

diff --git a/src/dns/Makefile.am b/src/dns/Makefile.am
index 1aea7f09ad0584d006e940c22311b046ae0c8ba0..d2598bd8a77219ab28553b630d950cbf204b316a 100644 (file)
--- a/src/dns/Makefile.am
+++ b/src/dns/Makefile.am
@@ -14,25 +14,8 @@ plugindir = $(libdir)/gnunet
 pkgcfg_DATA = \
   dns.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
 HIJACKBIN = gnunet-helper-dns
-install-exec-hook:
-       chown root $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chmod 4750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chgrp $(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chown gnunet:$(GNUNETDNS_GROUP) $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-       chmod 2750 $(DESTDIR)$(libexecdir)/gnunet-helper-dns
-else
-install-exec-hook:
 endif
 
 lib_LTLIBRARIES = \

diff --git a/src/dns/install-dns-helper.sh b/src/dns/install-dns-helper.sh
deleted file mode 100755 (executable)
index 14d5caa..0000000
--- a/src/dns/install-dns-helper.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - gnunetdns group
-# $3 - sudo binary (optional)
-$3 chown root $1/gnunet-helper-dns
-$3 chgrp $2 $1/gnunet-helper-dns
-$3 chmod 4750 $1/gnunet-helper-dns
-# In case user 'gnunet' does not exist, at least set the group
-$3 chgrp $2 $1/gnunet-service-dns
-# Usually we want both...
-$3 chown gnunet:$2 $1/gnunet-service-dns
-$3 chmod 2750 $1/gnunet-service-dns

diff --git a/src/exit/Makefile.am b/src/exit/Makefile.am
index c45354256abe7bcfcd2a1a7bc8ff3005d6546f5c..c0323d0d617f4d4312f62e8ba67bfbcbb275a687 100644 (file)
--- a/src/exit/Makefile.am
+++ b/src/exit/Makefile.am
@@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet
 dist_pkgcfg_DATA = \
   exit.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
 EXITBIN = gnunet-helper-exit
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-exit
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-exit
-else
-install-exec-hook:
 endif
 
 

diff --git a/src/exit/install-exit-helper.sh b/src/exit/install-exit-helper.sh
deleted file mode 100755 (executable)
index d9ae141..0000000
--- a/src/exit/install-exit-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-exit || true
-$2 chmod u+s $1/gnunet-helper-exit || true

diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am
index 2c04741da1c00637d0ae35818966e1374e79ee22..67f5e4dbc7135f9292d5d3d677947fbd2ea08970 100644 (file)
--- a/src/nat/Makefile.am
+++ b/src/nat/Makefile.am
@@ -8,33 +8,15 @@ pkgcfgdir= $(pkgdatadir)/config.d/
 pkgcfg_DATA = \
   nat.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
   NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
   NATSERVER = gnunet-helper-nat-server.c
   NATCLIENT = gnunet-helper-nat-client.c
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
 else
 if XFREEBSD
   NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
   NATSERVER = gnunet-helper-nat-server.c
   NATCLIENT = gnunet-helper-nat-client.c
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-server
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-nat-client
 endif
 else
 install-exec-hook:

diff --git a/src/nat/install-nat-helper.sh b/src/nat/install-nat-helper.sh
deleted file mode 100755 (executable)
index d5ee91f..0000000
--- a/src/nat/install-nat-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true
-$2 chmod u+s $1/gnunet-helper-nat-server $1/gnunet-helper-nat-client || true

diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index b690fa3459086db2484276fefe30ef624714579f..8221b7847d279f6fc88e81bc535c57b8b0efd5b2 100644 (file)
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -93,26 +93,6 @@ if LINUX
                test_quota_compliance_wlan_asymmetric
 endif
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
-if LINUX
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-wlan
-if HAVE_LIBBLUETOOTH
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-transport-bluetooth
-endif
-else
-install-exec-hook:
-endif
-
 if LINUX
 if HAVE_LIBBLUETOOTH
  BT_BIN = gnunet-helper-transport-bluetooth

diff --git a/src/transport/install-bluetooth-helper.sh b/src/transport/install-bluetooth-helper.sh
deleted file mode 100755 (executable)
index 5c40250..0000000
--- a/src/transport/install-bluetooth-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-transport-bluetooth || true
-$2 chmod u+s $1/gnunet-helper-transport-bluetooth || true

diff --git a/src/transport/install-wlan-helper.sh b/src/transport/install-wlan-helper.sh
deleted file mode 100755 (executable)
index 0fa9c98..0000000
--- a/src/transport/install-wlan-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-transport-wlan || true
-$2 chmod u+s $1/gnunet-helper-transport-wlan || true

diff --git a/src/vpn/Makefile.am b/src/vpn/Makefile.am
index 9992fa5ed8c2f90da8887f6e8a8aafdc42dc8e5c..407d8ba92e1a493b782fa2b133a22d99051e169c 100644 (file)
--- a/src/vpn/Makefile.am
+++ b/src/vpn/Makefile.am
@@ -14,21 +14,8 @@ plugindir = $(libdir)/gnunet
 pkgcfg_DATA = \
   vpn.conf
 
-if HAVE_SUDO
-SUDO_OR_DOAS_BINARY= $(SUDO_BINARY)
-else
-if HAVE_DOAS_BINARY
-SUDO_OR_DOAS_BINARY= $(DOAS_BINARY)
-endif
-endif
-
 if LINUX
 VPNBIN = gnunet-helper-vpn
-install-exec-hook:
-       chown root:root $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
-       chmod u+s $(DESTDIR)$(libexecdir)/gnunet-helper-vpn
-else
-install-exec-hook:
 endif
 
 

diff --git a/src/vpn/install-vpn-helper.sh b/src/vpn/install-vpn-helper.sh
deleted file mode 100755 (executable)
index 086dabb..0000000
--- a/src/vpn/install-vpn-helper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# $1 - bindir
-# $2 - sudo binary (optional)
-$2 chown root:root $1/gnunet-helper-vpn || true
-$2 chmod u+s $1/gnunet-helper-vpn || true