unofficial mirror of guix-patches@gnu.org 
* [bug#74002] [PATCH] create directory with specified permissions in mkdir-p/perms
@ 2024-10-25  6:48 Reepca Russelstein via Guix-patches via
From: Reepca Russelstein via Guix-patches via @ 2024-10-25  6:48 UTC (permalink / raw)
  To: 74002



mkdir-p/perms in (gnu build activation) currently first creates the
target directory with its permissions restricted solely by umask, then
changes the permissions afterward.  This leaves a window during which it
is possible that read and/or execute bits for untrusted users may be set
on the target directory.

By changing it so that the directory, if it is created, is created with
no more permissions than the caller specified, we can be confident that
if the directory didn't already exist - for example because it was
deliberately deleted in advance - it at no point was more accessible
than intended.

- reepca

[-- Attachment #1.2: 0001-gnu-build-create-directory-with-specified-perms-in-m.patch --]

From 736515a6e2e0e403c076c74b3019b69518a6bc9e Mon Sep 17 00:00:00 2001
From: Reepca Russelstein <reepca@russelstein.xyz>
Date: Fri, 25 Oct 2024 01:04:48 -0500
Subject: [PATCH] gnu: build: create directory with specified perms in
 mkdir-p/perms.

There is currently a window of time between when the desired directory is
created and when its permissions are changed.  During this time, its
permissions are restricted only by the umask.

Of course, in the "directory already exists" case, this doesn't matter, but if
the directory has been specifically deleted ahead of time so that it is
created afresh, this is an unnecessary window.

We can avoid this by passing the caller-provided BITS to 'mkdirat' when
attempting to create the last directory.

* gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS
  permissions.

Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383
---
 gnu/build/activation.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index d1a2876..a450578 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -113,7 +113,9 @@ (define open-flags (logior O_CLOEXEC ; don't pass the port on to subprocesses
             ;; If not, create it.
             (catch 'system-error
               (lambda _
-                (mkdirat root head))
+                (if (null? tail)
+                    (mkdirat root head bits)
+                    (mkdirat root head)))
               (lambda args
                 ;; Someone else created the directory.  Unexpected but fine.
                 (unless (= EEXIST (system-error-errno args))
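Review bot: the `bits` handed to `(mkdirat root head bits)` are still subject to the process umask, so the leaf directory can come out less permissive than BITS and the existing follow-up permission change remains necessary; the hunk only guarantees the directory is never more permissive than BITS at creation, which is what the commit message claims. A short comment above the `if`, e.g. `;; Create the final component with BITS so it is never more permissive than requested.`, would spare the next reader from wondering why only the `(null? tail)` branch passes a mode. Note also that in the EEXIST path (`;; Someone else created the directory.`) the mode is whatever the other creator chose, so that case still relies on the later fix-up.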
-- 
2.45.2



Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git