commit 8f76a6eefcfa0c9904e0749f04b27090527ce09f · pyrox.dev/nixpkgs

+2

nixos/modules/programs/ccache.nix

···

       28
        
       

     

       29
        
             # "nix-ccache --show-stats" and "nix-ccache --clear"

     

       30
        
             security.wrappers.nix-ccache = {

     

       0
        
       
     

       31
        
               group = "nixbld";

     

       0
        
       
     

       32
        
               setgid = true;

     

       33
        
               source = pkgs.writeScript "nix-ccache.pl" ''

     

       34
        
                 #!${pkgs.perl}/bin/perl

···

       28
        
       

     

       29
        
             # "nix-ccache --show-stats" and "nix-ccache --clear"

     

       30
        
             security.wrappers.nix-ccache = {

     

       31
       +
               owner = "nobody";

     

       32
        
               group = "nixbld";

     

       33
       +
               setuid = false;

     

       34
        
               setgid = true;

     

       35
        
               source = pkgs.writeScript "nix-ccache.pl" ''

     

       36
        
                 #!${pkgs.perl}/bin/perl

+2

nixos/modules/programs/msmtp.nix

···

       78
        
             source = "${pkgs.msmtp}/bin/sendmail";

     

       79
        
             setuid = false;

     

       80
        
             setgid = false;

     

       0
        
       
     

       0
        
       
     

       81
        
           };

     

       82
        
       

     

       83
        
           environment.etc."msmtprc".text = let

···

       78
        
             source = "${pkgs.msmtp}/bin/sendmail";

     

       79
        
             setuid = false;

     

       80
        
             setgid = false;

     

       81
       +
             owner = "root";

     

       82
       +
             group = "root";

     

       83
        
           };

     

       84
        
       

     

       85
        
           environment.etc."msmtprc".text = let

+2

nixos/modules/programs/ssmtp.nix

···

       181
        
             source = "${pkgs.ssmtp}/bin/sendmail";

     

       182
        
             setuid = false;

     

       183
        
             setgid = false;

     

       0
        
       
     

       0
        
       
     

       184
        
           };

     

       185
        
       

     

       186
        
         };

···

       181
        
             source = "${pkgs.ssmtp}/bin/sendmail";

     

       182
        
             setuid = false;

     

       183
        
             setgid = false;

     

       184
       +
             owner = "root";

     

       185
       +
             group = "root";

     

       186
        
           };

     

       187
        
       

     

       188
        
         };

+1

nixos/modules/security/pam.nix

···

       871
        
             unix_chkpwd = {

     

       872
        
               source = "${pkgs.pam}/sbin/unix_chkpwd.orig";

     

       873
        
               owner = "root";

     

       0
        
       
     

       874
        
               setuid = true;

     

       875
        
             };

     

       876
        
           };

···

       871
        
             unix_chkpwd = {

     

       872
        
               source = "${pkgs.pam}/sbin/unix_chkpwd.orig";

     

       873
        
               owner = "root";

     

       874
       +
               group = "nogroup";

     

       875
        
               setuid = true;

     

       876
        
             };

     

       877
        
           };

+4 -1

nixos/modules/services/mail/opensmtpd.nix

···

       103
        
           };

     

       104
        
       

     

       105
        
           security.wrappers.smtpctl = {

     

       0
        
       
     

       106
        
             group = "smtpq";

     

       0
        
       
     

       107
        
             setgid = true;

     

       108
        
             source = "${cfg.package}/bin/smtpctl";

     

       109
        
           };

     

       110
        
       

     

       111
       -
           services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail security.wrappers.smtpctl;

     

       0
        
       
     

       112
        
       

     

       113
        
           systemd.tmpfiles.rules = [

     

       114
        
             "d /var/spool/smtpd 711 root - - -"

···

       103
        
           };

     

       104
        
       

     

       105
        
           security.wrappers.smtpctl = {

     

       106
       +
             owner = "nobody";

     

       107
        
             group = "smtpq";

     

       108
       +
             setuid = false;

     

       109
        
             setgid = true;

     

       110
        
             source = "${cfg.package}/bin/smtpctl";

     

       111
        
           };

     

       112
        
       

     

       113
       +
           services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail

     

       114
       +
             security.wrappers.smtpctl // { program = "sendmail"; };

     

       115
        
       

     

       116
        
           systemd.tmpfiles.rules = [

     

       117
        
             "d /var/spool/smtpd 711 root - - -"

+4

nixos/modules/services/mail/postfix.nix

···

       673
        
             services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {

     

       674
        
               program = "sendmail";

     

       675
        
               source = "${pkgs.postfix}/bin/sendmail";

     

       0
        
       
     

       676
        
               group = setgidGroup;

     

       677
        
               setuid = false;

     

       678
        
               setgid = true;

     
···

       681
        
             security.wrappers.mailq = {

     

       682
        
               program = "mailq";

     

       683
        
               source = "${pkgs.postfix}/bin/mailq";

     

       0
        
       
     

       684
        
               group = setgidGroup;

     

       685
        
               setuid = false;

     

       686
        
               setgid = true;

     
···

       689
        
             security.wrappers.postqueue = {

     

       690
        
               program = "postqueue";

     

       691
        
               source = "${pkgs.postfix}/bin/postqueue";

     

       0
        
       
     

       692
        
               group = setgidGroup;

     

       693
        
               setuid = false;

     

       694
        
               setgid = true;

     
···

       697
        
             security.wrappers.postdrop = {

     

       698
        
               program = "postdrop";

     

       699
        
               source = "${pkgs.postfix}/bin/postdrop";

     

       0
        
       
     

       700
        
               group = setgidGroup;

     

       701
        
               setuid = false;

     

       702
        
               setgid = true;

···

       673
        
             services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {

     

       674
        
               program = "sendmail";

     

       675
        
               source = "${pkgs.postfix}/bin/sendmail";

     

       676
       +
               owner = "nobody";

     

       677
        
               group = setgidGroup;

     

       678
        
               setuid = false;

     

       679
        
               setgid = true;

     
···

       682
        
             security.wrappers.mailq = {

     

       683
        
               program = "mailq";

     

       684
        
               source = "${pkgs.postfix}/bin/mailq";

     

       685
       +
               owner = "nobody";

     

       686
        
               group = setgidGroup;

     

       687
        
               setuid = false;

     

       688
        
               setgid = true;

     
···

       691
        
             security.wrappers.postqueue = {

     

       692
        
               program = "postqueue";

     

       693
        
               source = "${pkgs.postfix}/bin/postqueue";

     

       694
       +
               owner = "nobody";

     

       695
        
               group = setgidGroup;

     

       696
        
               setuid = false;

     

       697
        
               setgid = true;

     
···

       700
        
             security.wrappers.postdrop = {

     

       701
        
               program = "postdrop";

     

       702
        
               source = "${pkgs.postfix}/bin/postdrop";

     

       703
       +
               owner = "nobody";

     

       704
        
               group = setgidGroup;

     

       705
        
               setuid = false;

     

       706
        
               setgid = true;

+2

nixos/modules/services/networking/x2goserver.nix

···

       88
        
             source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";

     

       89
        
             owner = "x2go";

     

       90
        
             group = "x2go";

     

       0
        
       
     

       91
        
             setgid = true;

     

       92
        
           };

     

       93
        
           security.wrappers.x2goprintWrapper = {

     

       94
        
             source = "${pkgs.x2goserver}/bin/x2goprint";

     

       95
        
             owner = "x2go";

     

       96
        
             group = "x2go";

     

       0
        
       
     

       97
        
             setgid = true;

     

       98
        
           };

     

       99

···

       88
        
             source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";

     

       89
        
             owner = "x2go";

     

       90
        
             group = "x2go";

     

       91
       +
             setuid = false;

     

       92
        
             setgid = true;

     

       93
        
           };

     

       94
        
           security.wrappers.x2goprintWrapper = {

     

       95
        
             source = "${pkgs.x2goserver}/bin/x2goprint";

     

       96
        
             owner = "x2go";

     

       97
        
             group = "x2go";

     

       98
       +
             setuid = false;

     

       99
        
             setgid = true;

     

       100
        
           };

     

       101

+2

nixos/modules/services/scheduling/fcron.nix

···

       136
        
               owner = "fcron";

     

       137
        
               group = "fcron";

     

       138
        
               setgid = true;

     

       0
        
       
     

       139
        
             };

     

       140
        
             fcronsighup = {

     

       141
        
               source = "${pkgs.fcron}/bin/fcronsighup";

     

       0
        
       
     

       142
        
               group = "fcron";

     

       143
        
             };

     

       144
        
           };

···

       136
        
               owner = "fcron";

     

       137
        
               group = "fcron";

     

       138
        
               setgid = true;

     

       139
       +
               setuid = false;

     

       140
        
             };

     

       141
        
             fcronsighup = {

     

       142
        
               source = "${pkgs.fcron}/bin/fcronsighup";

     

       143
       +
               owner = "root";

     

       144
        
               group = "fcron";

     

       145
        
             };

     

       146
        
           };

+3 -2

nixos/modules/services/x11/desktop-managers/cde.nix

···

       49
        
           users.groups.mail = {};

     

       50
        
           security.wrappers = {

     

       51
        
             dtmail = {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       52
        
               source = "${pkgs.cdesktopenv}/bin/dtmail";

     

       53
       -
               group = "mail";

     

       54
       -
               setgid = true;

     

       55
        
             };

     

       56
        
           };

     

       57

···

       49
        
           users.groups.mail = {};

     

       50
        
           security.wrappers = {

     

       51
        
             dtmail = {

     

       52
       +
               setgid = true;

     

       53
       +
               owner = "nobody";

     

       54
       +
               group = "mail";

     

       55
        
               source = "${pkgs.cdesktopenv}/bin/dtmail";

     

       0
        
       
     

       0
        
       
     

       56
        
             };

     

       57
        
           };

     

       58