Xinglu Chen wrote on Sun 06-06-2021 at 14:51 [+0200]:
> [ This was reported on the Nixpkgs bug tracker a few weeks ago ]
>
> When doing something like
>
>   (call-with-output-file FILE
>     (lambda (port)
>       (display SECRET port)))
>   (chmod FILE #o400)
>
> an unprivileged user could open FILE before FILE had been chmod’ed, and
> then read the contents of FILE.
>
> One solution to this problem would be to use
>
>   (mkdir (dirname FILE) #o400)
>
> before writing SECRET to FILE.

Alternatively, a variant of call-with-output-file could be defined that
has a #:perms argument. This new procedure, let's call it
call-with-output-file*, could create a file with the right permissions
with

  (open "/etc/...-secret" (bitwise-ior O_WRONLY O_CREAT) #o400)

or something like that. Then the vulnerable code above would become ...

  (call-with-output-file* FILE
    (lambda (port) (display SECRET port))
    #:perms #o400)

This seems a bit easier in usage to me! No need to worry if changing the
permissions of the parent directory would break anything this way.

Greetings,
Maxime.
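A working version of the call-with-output-file* idea sketched in the message above, as an added example in Guile Scheme (not code from this thread or from Guix). It assumes O_EXCL on top of the O_WRONLY|O_CREAT flags named in the message, and the file path and secret value are constructed for the demo.

```scheme
(use-modules (ice-9 optargs))   ; define* with #:key arguments

;; Like call-with-output-file, but PERMS are applied in the same open(2)
;; call that creates the file, so the file never exists with default,
;; umask-derived permissions.  O_EXCL is an assumption added here: the
;; call fails if FILE already exists, so we never write into a file that
;; someone else created or that is already world-readable.
(define* (call-with-output-file* file proc #:key (perms #o600))
  (let ((port (open file (logior O_WRONLY O_CREAT O_EXCL) perms)))
    (dynamic-wind
      (const #t)
      (lambda () (proc port))
      (lambda () (close-port port)))))

;; Constructed demo: write a secret with mode 0400 and return the
;; permission bits the file actually has.  The creating descriptor stays
;; writable even though the mode carries no write bit; the mode only
;; governs later opens, which is what we want for a secret.
(define (write-secret perms)
  (let ((file (string-append (or (getenv "TMPDIR") "/tmp")
                             "/example-secret")))      ; constructed path
    (false-if-exception (delete-file file))             ; start fresh; O_EXCL guards the rest
    (call-with-output-file* file
      (lambda (port) (display "constructed-secret-value\n" port))
      #:perms perms)
    (stat:perms (stat file))))

(display (string-append "file mode: 0"
                        (number->string (write-secret #o400) 8)))
(newline)
```

A umask can only clear bits, so a umask of 022 leaves #o400 unchanged; the check at the end is there to confirm that on the system at hand.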