From: "Ludovic Courtès" <ludo@gnu.org>
To: Maxime Devos <maximedevos@telenet.be>
Cc: 50960@debbugs.gnu.org
Subject: [bug#50960] [PATCH 04/10] DRAFT shell: By default load the local 'guix.scm' or 'manifest.scm' file.
Date: Mon, 04 Oct 2021 10:07:48 +0200 [thread overview]
Message-ID: <87bl45tdpn.fsf@gnu.org> (raw)
In-Reply-To: <80360a349abc0eb00a8645fe3e7b5f8008f33ec8.camel@telenet.be> (Maxime Devos's message of "Sat, 02 Oct 2021 16:15:21 +0200")
Hi Maxime,
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op za 02-10-2021 om 12:22 [+0200]:
>> +(define (find-file-in-parent-directories candidates)
>> + "Find one of CANDIDATES in the current directory or one of its ancestors."
>> + (let loop ((directory (getcwd)))
>> + (and (= (stat:uid (stat directory)) (getuid))
>> + (or (any (lambda (candidate)
>> + (let ((candidate (string-append directory "/" candidate)))
>> + (and (file-exists? candidate) candidate)))
>> + candidates)
>> + (loop (string-append directory "/..")))))) ;Unix ".." resolution
>
> I do not recommend this. What would happen if someone creates a temporary directory
> "/tmp/stuff" do things in to throw away later (setting permissions appropriately),
> tries to create a guix.scm in that directory but misspells it as, say, guix.sm, and runs
> "guix shell" from within /tmp/stuff? Then find-file-in-parent-directories would
> load /tmp/guix.scm (possibly created by a local attacker, assuming a multi-user system),
> -- if it weren't for the (= (stat:uid (stat directory)) (getuid)).
>
> Because of the (= (stat:uid ...) (getuid)), this attack method is not possible.
Right. :-)
In libgit2, ‘find_repo’ (called by ‘git_repository_discover’) stops at
device boundaries, which is wise. But it doesn’t stop when the parent
has a different owner (!).
Unlike the code above, it does lexical “..” resolution after first
calling realpath(3) on the directory name; not sure what to think about
this. (The code of Git itself is harder to read for me.)
> However, it causes other issues. Now it isn't possible for two users (that trust
> each other), to set up a directory writable by both (e.g. with ACLs, or by making
> the directory group-writable and placing the two users in the same group), for
> working together, with a guix.scm usable by both.
>
> These can be two users on the same machine, or remotely via something like NFS,
> or a single person having multiple user accounts used for different purposes.
Well, sure, but that’s a very uncommon scenario, isn’t it?
I was actually hesitant about this find-in-parent behavior. I find it
convenient that ‘git’ does that, for instance, so I thought it might be
nice as well.
Thoughts?
Ludo’.
next prev parent reply other threads:[~2021-10-04 8:31 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-02 10:21 [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment' Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 01/10] packages: Add 'package-development-inputs' Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 02/10] profiles: Add 'package->development-manifest' Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 03/10] DRAFT Add 'guix shell' Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 04/10] DRAFT shell: By default load the local 'guix.scm' or 'manifest.scm' file Ludovic Courtès
2021-10-02 11:52 ` Liliana Marie Prikler
2021-10-02 13:43 ` [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment' Ludovic Courtès
2021-10-05 7:50 ` Maxime Devos
2021-10-08 7:44 ` Ludovic Courtès
2021-10-02 14:15 ` [bug#50960] [PATCH 04/10] DRAFT shell: By default load the local 'guix.scm' or 'manifest.scm' file Maxime Devos
2021-10-04 8:07 ` Ludovic Courtès [this message]
2021-10-05 7:51 ` Maxime Devos
2021-10-02 10:22 ` [bug#50960] [PATCH 05/10] environment: Add tests for '--profile' Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 06/10] environment: Skip derivation computation when '--profile' is used Ludovic Courtès
2021-10-02 11:39 ` Liliana Marie Prikler
2021-10-02 13:46 ` [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment' Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 07/10] environment: Do not connect to the daemon when '--profile' is used Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 08/10] environment: Autoload some modules Ludovic Courtès
2021-10-02 10:22 ` [bug#50960] [PATCH 09/10] cache: Gracefully handle non-existent cache Ludovic Courtès
2021-10-02 13:28 ` Maxime Devos
2021-10-02 10:22 ` [bug#50960] [PATCH 10/10] shell: Maintain a profile cache Ludovic Courtès
2021-10-02 13:43 ` Maxime Devos
2021-10-02 14:12 ` Ludovic Courtès
2021-10-02 14:47 ` Maxime Devos
2021-10-04 8:19 ` Ludovic Courtès
2021-10-04 14:20 ` zimoun
2021-10-04 15:58 ` Maxime Devos
2021-10-08 7:37 ` Ludovic Courtès
2021-10-02 13:52 ` Maxime Devos
2021-10-02 14:14 ` Ludovic Courtès
2021-10-02 14:22 ` Maxime Devos
2021-10-04 8:08 ` Ludovic Courtès
2021-10-02 10:50 ` [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment' Jelle Licht
2021-10-02 13:52 ` Ludovic Courtès
2021-10-02 12:10 ` pelzflorian (Florian Pelz)
2021-10-02 13:40 ` Ludovic Courtès
2021-10-02 15:08 ` pelzflorian (Florian Pelz)
2021-10-04 8:22 ` Ludovic Courtès
2021-10-04 9:23 ` pelzflorian (Florian Pelz)
2021-10-04 16:50 ` Maxime Devos
2021-10-02 13:03 ` Christine Lemmer-Webber
2021-10-02 14:00 ` [bug#50960] ‘guix shell’ shebangs Ludovic Courtès
2021-10-03 22:50 ` Katherine Cox-Buday
2021-10-02 23:57 ` [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment' Vagrant Cascadian
2021-10-03 8:36 ` Nicolò Balzarotti
2021-10-04 8:34 ` Ludovic Courtès
2021-10-04 17:12 ` Maxime Devos
2021-10-04 6:56 ` zimoun
2021-10-04 8:39 ` Ludovic Courtès
2021-10-04 10:40 ` zimoun
2021-10-04 12:23 ` Ludovic Courtès
2021-10-04 13:42 ` zimoun
2021-10-04 17:38 ` Leo Famulari
2021-10-08 7:43 ` Ludovic Courtès
2021-10-08 16:16 ` Leo Famulari
2021-10-09 13:38 ` Ludovic Courtès
2021-10-11 0:29 ` Leo Famulari
2021-10-04 21:29 ` [bug#50960] [EXT] " Thompson, David
2021-10-07 9:26 ` Ludovic Courtès
2021-10-07 10:52 ` pelzflorian (Florian Pelz)
2021-10-07 11:17 ` [bug#50960] [EXT] " Thompson, David
2021-10-07 12:01 ` pelzflorian (Florian Pelz)
2021-10-08 14:24 ` Katherine Cox-Buday
2021-10-11 9:13 ` zimoun
2021-10-06 8:12 ` Konrad Hinsen
2021-10-07 8:34 ` Ludovic Courtès
2021-10-07 9:15 ` Liliana Marie Prikler
2021-10-08 15:45 ` Konrad Hinsen
2021-10-09 7:45 ` Liliana Marie Prikler
2021-10-11 8:32 ` Ludovic Courtès
2021-10-09 8:07 ` Stefan
2021-10-11 21:37 ` [bug#50960] [PATCH v2 00/11] 'guix shell' strikes again Ludovic Courtès
2021-10-11 21:37 ` [bug#50960] [PATCH v2 01/11] packages: Add 'package-development-inputs' Ludovic Courtès
2021-10-12 6:39 ` zimoun
2021-10-12 9:54 ` Ludovic Courtès
2021-10-12 11:52 ` zimoun
2021-10-11 21:38 ` [bug#50960] [PATCH v2 02/11] profiles: Add 'package->development-manifest' Ludovic Courtès
2021-10-12 6:43 ` zimoun
2021-10-12 9:27 ` Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 03/11] Add 'guix shell' Ludovic Courtès
2021-10-13 16:51 ` pelzflorian (Florian Pelz)
2021-10-11 21:38 ` [bug#50960] [PATCH v2 04/11] DRAFT shell: By default load the local 'guix.scm' or 'manifest.scm' file Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 05/11] DRAFT shell: Honor in ~/.config/guix/shell-authorized-directories Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 06/11] environment: Add tests for '--profile' Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 07/11] environment: Skip derivation computation when '--profile' is used Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 08/11] environment: Do not connect to the daemon " Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 09/11] environment: Autoload some modules Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 10/11] cache: Gracefully handle non-existent cache Ludovic Courtès
2021-10-11 21:38 ` [bug#50960] [PATCH v2 11/11] shell: Maintain a profile cache Ludovic Courtès
2021-10-12 8:53 ` [bug#50960] [PATCH v2 00/11] 'guix shell' strikes again pelzflorian (Florian Pelz)
2021-10-12 8:57 ` pelzflorian (Florian Pelz)
2021-10-12 9:55 ` Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 00/10] Adding 'guix shell': last call! Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 01/10] packages: Add 'package-development-inputs' Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 02/10] profiles: Add 'package->development-manifest' Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 03/10] Add 'guix shell' Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 04/10] shell: By default load the local 'guix.scm' or 'manifest.scm' file Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 05/10] environment: Add tests for '--profile' Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 06/10] environment: Skip derivation computation when '--profile' is used Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 07/10] environment: Do not connect to the daemon " Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 08/10] environment: Autoload some modules Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 09/10] cache: Gracefully handle non-existent cache Ludovic Courtès
2021-10-18 19:52 ` [bug#50960] [PATCH v3 10/10] shell: Maintain a profile cache Ludovic Courtès
2021-10-19 8:43 ` [bug#50960] [PATCH v3 00/10] Adding 'guix shell': last call! zimoun
2021-10-25 13:41 ` [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment' zimoun
2021-10-25 18:19 ` Ludovic Courtès
2021-10-25 19:45 ` zimoun
2021-10-25 18:25 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bl45tdpn.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=50960@debbugs.gnu.org \
--cc=maximedevos@telenet.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).