From: "Ludovic Courtès" <ludo@gnu.org>
To: Maxime Devos <maximedevos@telenet.be>
Cc: 47584@debbugs.gnu.org
Subject: bug#47584: Race condition in ‘copy-account-skeletons’: possible privilege escalation.
Date: Sat, 03 Apr 2021 22:15:45 +0200 [thread overview]
Message-ID: <87y2dzw2dq.fsf@gnu.org> (raw)
In-Reply-To: <63fbd9e37cc3582daf265277e64f0a99b20e05ec.camel@telenet.be> (Maxime Devos's message of "Sat, 03 Apr 2021 18:22:12 +0200")
Hi Maxime,
Maxime Devos <maximedevos@telenet.be> skribis:
> From 9672bd37bf50db1e0989d0b84035c4788422bd31 Mon Sep 17 00:00:00 2001
> From: Maxime Devos <maximedevos@telenet.be>
> Date: Tue, 30 Mar 2021 22:36:14 +0200
> Subject: [PATCH 1/2] activation: Do not dereference symlinks in home directory
> creation.
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> Fixes <https://bugs.gnu.org/47584>.
>
> * gnu/build/activation.scm
> (copy-account-skeletons): Do not chown the home directory; leave this
> to 'activate-user-home'.
> (activate-user-home): Only chown the home directory after the account
> skeletons have been copied.
>
> Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
Pushed:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2161820ebbbab62a5ce76c9101ebaec54dc61586
> From d071ee3aff5be1a6d7876d7411e70f7283dce1fb Mon Sep 17 00:00:00 2001
> From: Maxime Devos <maximedevos@telenet.be>
> Date: Sat, 3 Apr 2021 12:19:10 +0200
> Subject: [PATCH 2/2] news: Add entry for user account activation
> vulnerability.
>
> TODO for guix committer: correct the commit id appropriately.
>
> * etc/news.scm: Add entry.
I tweaked it to (1) make it clear upfront that only Guix System is
affected, (2) to explicitly recommend an upgrade on Guix System, and (3)
to clarify when the attack can happen.
Thanks for finding the issue, for reporting it at guix-security, and for
preparing these patches!
Ludo’.
next prev parent reply other threads:[~2021-04-03 20:16 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-03 16:09 bug#47584: Race condition in ‘copy-account-skeletons’: possible privilege escalation Maxime Devos
2021-04-03 16:22 ` Maxime Devos
2021-04-03 16:32 ` Maxime Devos
2021-04-03 20:15 ` Ludovic Courtès [this message]
2021-04-03 16:26 ` Maxime Devos
2021-04-03 20:45 ` Ludovic Courtès
2021-04-03 20:49 ` Ludovic Courtès
2021-04-04 13:29 ` Maxime Devos
2021-04-03 20:27 ` Ludovic Courtès
2021-04-03 20:33 ` Ludovic Courtès
2021-04-04 7:36 ` Maxime Devos
2021-04-05 19:54 ` Ludovic Courtès
2021-04-06 9:56 ` Maxime Devos
2021-04-06 11:57 ` Ludovic Courtès
2021-04-07 18:28 ` Maxime Devos
2022-10-21 9:31 ` Maxime Devos
2022-10-28 16:03 ` bug#47584: [DRAFT PATCH v2 0/4] Fix race condition in mkdir-p/perms Maxime Devos
2022-10-28 16:04 ` bug#47584: [PATCH 1/3] guile-next: Update to 3.0.8-793fb46 Maxime Devos
2022-10-28 16:04 ` bug#47584: [PATCH 2/3] WIP gnu: Change the Guile used for activation to one that has 'openat' Maxime Devos
2022-10-28 16:04 ` bug#47584: [PATCH 3/3] activation: Fix TOCTTOU in mkdir-p/perms Maxime Devos
2022-10-28 16:05 ` bug#47584: [PATCH 1/3] guile-next: Update to 3.0.8-793fb46 Maxime Devos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y2dzw2dq.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=47584@debbugs.gnu.org \
--cc=maximedevos@telenet.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).