authorLudovic Courtès <ludo@gnu.org>2023-10-05 19:13:11 +0200
committerLudovic Courtès <ludo@gnu.org>2023-10-05 23:14:55 +0200
commite863274e67e2242b970845783172c9f4e49405ca (patch)
tree9551fd63dae3df2e711967bd3360aadebff054e5 /gnu/services
parent917c17c052beebefa109c4eff3a7b0307460a4c7 (diff)
services: hurd-vm: Leave root password uninitialized when offloading.
Starting with 953c65ffdd43c02c934518fb7a1c68542584b223, offloading to the Hurd VM would be enabled by default. However, ‘root’ had an empty password so any user on the host could connect to the VM over VNC, log in as root, and potentially populate the host’s store from there. This change fixes that. * gnu/services/virtualization.scm (operating-system-with-locked-root-account): New procedure. (hurd-vm-disk-image)[transform]: Add ‘operating-system-with-locked-root-account’ when offloading.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/virtualization.scm22
1 files changed, 21 insertions, 1 deletions
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 076eca7ea2..f0f0ab3bf1 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -1085,6 +1085,20 @@ that will be listening to receive secret keys on port 1004, TCP."
accounts)
(operating-system-user-services os)))))
+(define (operating-system-with-locked-root-account os)
+ "Return OS with a 'root' account whose password is uninitialized, thereby
+preventing password-based authentication as 'root'."
+ (define root
+ ;; %ROOT-ACCOUNT has an empty password; change that to an uninitialized
+ ;; password.
+ (user-account
+ (inherit %root-account)
+ (password #f)))
+
+ (operating-system
+ (inherit os)
+ (users (cons root (operating-system-users os)))))
+
(define %hurd-vm-operating-system
(operating-system
(inherit %hurd-default-operating-system)
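Review bot: In `operating-system-with-locked-root-account`, the new `root` record is consed onto `(operating-system-users os)` without checking whether that list already holds an account named root. If the OS supplied in the configuration declares its own root account, the result carries two entries with the same name, and whether the locked one wins or the build fails on the duplicate is decided by code outside this hunk. Dropping any existing root entry first would make the lock unconditional, for example `(users (cons root (remove (lambda (u) (string=? (user-account-name u) "root")) (operating-system-users os))))`, assuming SRFI-1 `remove` is in scope in this module. The docstring could also say explicitly that only password login is closed, so other ways of authenticating as root that the OS configures are presumably unaffected.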
@@ -1147,8 +1161,14 @@ that will be listening to receive secret keys on port 1004, TCP."
is added to the OS specified in CONFIG."
(define transform
(compose secret-service-operating-system
+ ;; When offloading is enabled, (1) add the 'offloading' account,
+ ;; and (2) prevent users from logging in as 'root' without a
+ ;; password as this would allow any user on the host to populate
+ ;; the host's store indirectly (for example by logging in as root
+ ;; in the Hurd VM over VNC).
(if (hurd-vm-configuration-offloading? config)
- operating-system-with-offloading-account
+ (compose operating-system-with-locked-root-account
+ operating-system-with-offloading-account)
identity)))
(let* ((os (transform (hurd-vm-configuration-os config)))
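Review bot: The comment added in `transform` presents the root lock as what stops host users from reaching the host's store through the VM console, but the lock covers only the 'root' account. Any other account in the user-supplied OS that has an empty password and a route to root (sudo, for instance) would presumably leave the same path open; that depends on the OS in CONFIG, which this hunk does not show. I would state the assumption in the comment, e.g. `;; Note: only 'root' is locked; other passwordless privileged accounts in the OS are left as is.` It would also help to mention there that `compose` applies right to left, so the offloading account is added before root is locked. The enclosing procedure starts and ends outside the hunk.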