Former Member
5 years ago

Keyring isn't suid on nixos

Hi, I'm running NixOS and my 1password-keyringhelper isn't suid, so I get this error:

[1P:foundation/op-linux/src/bin/keyring_helper.rs:150]
keyring helper detected it was not running as root. This could lead to credentials being compromised, aborting!
Permissions found: EUID: 1000, EGID: 100

I tried security.wrappers

security.wrappers = {
  "1Password-KeyringHelper" = {
    source = "${pkgs._1password-gui.out}/share/1password/1Password-KeyringHelper";
    setuid = true;
    group = "onepassword";
  };
};

Neither worked.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Nixos master
Sync Type: Not Provided

52 Replies

  • Former Member

    pkgs.buildFHSUserEnv could work

  • Former Member

    Hey, @auscyber. This is a realm that I know I still need to research. My understanding was that, to support things like security.wrappers, I would need to make some changes to the derivation file itself.

    Unfortunately, the NixOS filesystem may make it very difficult to support this feature. :frown: Even with the setuid bit, recent security audits have prompted us to tighten up things like file paths and ownership of more than just the 1Password executable. This makes me very unhappy, but it is very hard to verify the identity of any application on Linux, and we really don't want to have rogue processes just making a connection to an open 1Password session.

    I'm not giving up at all, though. I run 1Password on a NixOS machine, and really miss the browser integration there.