From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id UB/OD+SPv2ANDAEAgWs5BA (envelope-from ) for ; Tue, 08 Jun 2021 17:42:28 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id PO5+CuSPv2C0DwAA1q6Kng (envelope-from ) for ; Tue, 08 Jun 2021 15:42:28 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 49BB11268A for ; Tue, 8 Jun 2021 17:42:27 +0200 (CEST) Received: from localhost ([::1]:49532 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lqds1-0002sG-QG for larch@yhetil.org; Tue, 08 Jun 2021 11:42:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52616) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lqdre-0002pv-Eu for guix-patches@gnu.org; Tue, 08 Jun 2021 11:42:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:48009) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lqdre-0003B5-7H for guix-patches@gnu.org; Tue, 08 Jun 2021 11:42:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lqdrd-0002bE-VA for guix-patches@gnu.org; Tue, 08 Jun 2021 11:42:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#48923] [PATCH] build: utils: Add =?UTF-8?Q?=E2=80=98call-with-outp?= Resent-From: Xinglu Chen Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 08 Jun 2021 15:42:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 48923 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 48923@debbugs.gnu.org Cc: Maxime Devos X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16231668759936 (code B ref -1); Tue, 08 Jun 2021 15:42:01 +0000 Received: (at submit) by debbugs.gnu.org; 8 Jun 2021 15:41:15 +0000 Received: from localhost ([127.0.0.1]:59555 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lqdqp-0002a8-T5 for submit@debbugs.gnu.org; Tue, 08 Jun 2021 11:41:15 -0400 Received: from lists.gnu.org ([209.51.188.17]:36280) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lqdql-0002Zx-FP for submit@debbugs.gnu.org; Tue, 08 Jun 2021 11:41:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52356) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lqdql-0002K0-03 for guix-patches@gnu.org; Tue, 08 Jun 2021 11:41:07 -0400 Received: from h87-96-130-155.cust.a3fiber.se ([87.96.130.155]:53820 helo=mail.yoctocell.xyz) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lqdqh-0002ow-Hf for guix-patches@gnu.org; Tue, 08 Jun 2021 11:41:06 -0400 From: Xinglu Chen DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=yoctocell.xyz; s=mail; t=1623166852; bh=Cyr65nQYbBHMn8TBQX4HCVmfJ8FIw82qXbvPu88NHlI=; h=From:To:Cc:Subject:Date; b=hNBlMkTAOYihLPoeG5XM3Td5EGlxkdDE3wyNJeFOjVlIMLhF5xnTvuYEPmgECz3NN xvtj1ChvQVQcXo3U0YKDIsbvfDxGS2bz6d9e6CYTNON71DiHcBbY6wZYMDIKY0WgRL UcBqXHjdYplHd7xDTCZzqYczkPQhKK4tiym2DpSw= Message-Id: <23ac66d29119c5395fee0e993ea0fe811beefd91.1623166798.git.public@yoctocell.xyz> Date: Tue, 08 Jun 2021 17:40:52 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=87.96.130.155; envelope-from=public@yoctocell.xyz; helo=mail.yoctocell.xyz X-Spam_score_int: 29 X-Spam_score: 2.9 X-Spam_bar: ++ X-Spam_report: (2.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_SUSPICIOUS_NTLD=0.498, FROM_SUSPICIOUS_NTLD_FP=1.563, PDS_OTHER_BAD_TLD=1.997, RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1623166947; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=nMn6dRsixV1WuFxAASSKTMQgBIn38Wxy/4uDC6FTdp4=; b=L4hqewLjM3RG+XmCiOHAy0+aKoHGP0n7uvhraxBqUvxvuHBW9W9Kbw0SlnJcS3nzN21lqN RelhmPFFDyGGskclHHpc5PPb2M6l3Rl9vsd6AHcIvmPbhOUx7vKTkvK8v14azLpAPMQ+Ci ucOc3+uiu5NUP1/E4FmQ3+Q+2Lnv7rUfidCC+kM6fMNttsLUDjLqWC640hCEY+nKlhhvIa WxRE8nxlnfxcYgb5WlFzhEVtPeVDoheLsK0xNgD/+U/7/W/FHWQFjBoBh/PfSSC8qInjXQ KDy4/nVHZpBbWXtb9CdkVfIZo738L5LX9sSq1zxr5LIgKtv79waIxctcmvWuHw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1623166947; a=rsa-sha256; cv=none; b=mHNDcui+hx0tAP4LoN+HoXfHdNr7WYInOp0VAsHbqe6NrQwjWgIO4AU3Ty4NnlaDVDJ3RM qLscMvmThXgwRoYaFgG+7JuUV11MTCiX17vk7BsNf+yLN5Qd85q/9acvxLelnnLVYfOiy4 KPU9+Pw2s5IHAXGKMYg2ofJKrj9Ugm4cxkygFUzVbym5lKaq9R56LDkgMqTOkoQA5fPaRa 2T4rC1Zz7QFU3CHm6+w1/gGlUu78kbY9axn3IJvGzFPJiJr8l1PNsW3ZvB65YrZH935t5v PIE8E2a/6YNv0zu0Z/bs8dbGYh+5FI2VKGZECS1AluhcztfJTRBe1NVSGjSH0A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=yoctocell.xyz header.s=mail header.b=hNBlMkTA; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -0.32 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=yoctocell.xyz header.s=mail header.b=hNBlMkTA; dmarc=fail reason="SPF not aligned (relaxed)" header.from=yoctocell.xyz (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 49BB11268A X-Spam-Score: -0.32 X-Migadu-Scanner: scn1.migadu.com X-TUID: 9Iy8A1trxO7p Using =E2=80=98call-with-output-file*=E2=80=99 instead of =E2=80=98call-wit= h-output-file=E2=80=99 and =E2=80=98chmod=E2=80=99 will prevent secrets from being leaked. See . * guix/build/utils.scm (call-with-output-file*): New procedure. * doc/guix.texi (Build Utilities): Document it. --- doc/guix.texi | 19 +++++++++++++++++++ guix/build/utils.scm | 10 ++++++++++ 2 files changed, 29 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 59b4ac11b4..7e15cd9e92 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -8612,6 +8612,25 @@ Be careful about using @code{$} to match the end of = a line; by itself it won't match the terminating newline of a line. @end deffn =20 +@deffn {Scheme Procedure} call-with-output-file* @var{file} @var{proc} @ + [#:perms #o666] +Open FILE for output, set the file permission bits to @var{perms}, and +call @code{(PROC port)} with the resulting port. + +The advantage of using this procedure compared to something like this + +@lisp +(call-with-output-file "FILE" + (lambda (port) + (display "top secret" port))) +(chmod "FILE" #o400) +@end lisp + +is that, with the latter, an unpriviliged user could open @var{file} +before the permission was changed to @code{#o400}, thus making it +possible to leak sensitive information. +@end deffn + @subsection File Search =20 @cindex file, searching diff --git a/guix/build/utils.scm b/guix/build/utils.scm index 419c10195b..df960eee84 100644 --- a/guix/build/utils.scm +++ b/guix/build/utils.scm @@ -5,6 +5,7 @@ ;;; Copyright =C2=A9 2015, 2018 Mark H Weaver ;;; Copyright =C2=A9 2018 Arun Isaac ;;; Copyright =C2=A9 2018, 2019 Ricardo Wurmus +;;; Copyright =C2=A9 2021 Xinglu Chen ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,6 +67,7 @@ file-name-predicate find-files false-if-file-not-found + call-with-output-file* =20 search-path-as-list set-path-environment-variable @@ -448,6 +450,14 @@ also be included. If FAIL-ON-ERROR? is true, raise an= exception upon error." #f (apply throw args))))) =20 +;; Prevent secrets from leaking, see +(define* (call-with-output-file* file proc #:key (perms #o666)) + "FILE should be string containg the path to a file, PROC should be a pro= cedure +that accepts the port as an argument, and PERMS should be the permission b= its +of the file, the default is 666." + (let ((port (open file (bitwise-ior O_WRONLY O_CREAT) perms))) + (call-with-port port proc))) + ;;; ;;; Search paths. base-commit: 503c2039a280dd52a751a6852b4157fccd1b4195 --=20 2.32.0