On Tue, Jun 08 2021, Maxime Devos wrote:

> Xinglu Chen wrote on Sun 06-06-2021 at 14:51 [+0200]:
>> [ This was reported on the Nixpkgs bug tracker a few weeks ago ]
>>
>> When doing something like
>>
>>   (call-with-output-file FILE
>>     (lambda (port)
>>       (display SECRET port)))
>>   (chmod FILE #o400)
>>
>> an unprivileged user could open FILE before FILE had been chmod’ed, and
>> then read the contents of FILE.
>>
>> One solution to this problem would be to use
>>
>>   (mkdir (dirname FILE) #o400)
>>
>> before writing SECRET to FILE.
>
> Alternatively, a variant of call-with-output-file
> could be defined that has a #:perms argument.
>
> This new procedure, let's call it call-with-output-file*,
> could create a file with the right permissions with
>
>   (open "/etc/...-secret" (bitwise-ior O_WRONLY O_CREAT) #o400)
>
> or something like that.
>
> Then the vulnerable code above would become ...
>
>   (call-with-output-file* FILE
>     (lambda (port)
>       (display SECRET port))
>     #:perms #o400)
>
> This seems a bit easier in usage to me!
> No need to worry if changing the permissions of the parent
> directory would break anything this way.

Indeed, this sounds like a better approach!
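The procedure sketched in the thread, written out in Guile as an added example that is not part of the original discussion or of Guix itself. It assumes Guile's core `open`, `logior`, `O_WRONLY`/`O_CREAT`/`O_EXCL` and `stat:perms` bindings; the name `call-with-output-file*`, the `#:perms` keyword and the `verify-perms` helper are taken from or invented for this illustration, and the path `/tmp/example-secret` is a placeholder.

```scheme
;; Added example: create the file with its final permissions at open time,
;; so there is no window between creation and chmod in which another user
;; can open it.  Not code from the thread or from Guix.
(use-modules (ice-9 optargs))

(define* (call-with-output-file* file proc #:key (perms #o600))
  ;; O_CREAT with an explicit mode applies PERMS at creation (subject to the
  ;; process umask, which can only clear bits).  O_EXCL makes the call fail
  ;; instead of reusing, or following a symlink to, a pre-existing file whose
  ;; mode we do not control.
  (let ((port (open file (logior O_WRONLY O_CREAT O_EXCL) perms)))
    (dynamic-wind
      (lambda () #f)
      (lambda () (proc port))
      (lambda () (close-port port)))))

;; Check a practitioner would want afterwards: the on-disk mode really is
;; the one requested (helper name is this example's own).
(define (verify-perms file expected)
  (= (stat:perms (stat file)) expected))

;; Usage mirroring the thread's example; SECRET and the path are placeholders.
(call-with-output-file* "/tmp/example-secret"
  (lambda (port) (display "SECRET" port))
  #:perms #o400)

(verify-perms "/tmp/example-secret" #o400)
```

Because the mode is set in the same `open(2)` call that creates the file, the race described in the quoted message disappears regardless of the parent directory's permissions; `O_EXCL` additionally surfaces the case where the file already exists, which the original `call-with-output-file` plus `chmod` sequence would silently overwrite.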