Subject: [bug#74002] [PATCH] create directory with specified permissions in mkdir-p/perms
To: 74002@debbugs.gnu.org
Date: Fri, 25 Oct 2024 01:48:03 -0500
Message-ID: <87y12che58.fsf@russelstein.xyz>
From: Reepca Russelstein via Guix-patches

mkdir-p/perms in (gnu build activation) currently first creates the target directory with its permissions restricted solely by umask, then changes the permissions afterward. This leaves a window during which it is possible that read and/or execute bits for untrusted users may be set on the target directory.

By changing it so that the directory, if it is created, is created with no more permissions than the caller specified, we can be confident that if the directory didn't already exist - for example because it was deliberately deleted in advance - it at no point was more accessible than intended.

- reepca

From 736515a6e2e0e403c076c74b3019b69518a6bc9e Mon Sep 17 00:00:00 2001
From: Reepca Russelstein
Date: Fri, 25 Oct 2024 01:04:48 -0500
Subject: [PATCH] gnu: build: create directory with specified perms in mkdir-p/perms.

There is currently a window of time between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask.

Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window.

We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory.

* gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions.

Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383
=2D-- gnu/build/activation.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index d1a2876..a450578 100644 =2D-- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm 
@@ -113,7 +113,9 @@ (define open-flags (logior O_CLOEXEC ; don't pass the p= ort on to subprocesses ;; If not, create it. (catch 'system-error (lambda _ =2D (mkdirat root head)) + (if (null? tail) + (mkdirat root head bits) + (mkdirat root head))) (lambda args ;; Someone else created the directory. Unexpected but fin= e. (unless (=3D EEXIST (system-error-errno args)) =2D-=20 2.45.2
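
Review bot: the new `(if (null? tail) ...)` has no comment saying why only the last component receives `bits`, and the `EEXIST` handler in the trailing context still accepts a target that someone else created first, with whatever mode they gave it. A short comment above the `if` (for example that intermediate directories keep the umask-limited default while the target must never be more open than `bits`) would record the intent, and the code after this hunk should be checked to confirm it validates or resets the mode of a pre-existing target, since this hunk only covers the case where `mkdirat` itself succeeds.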
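
The window described in the message, as an added example in C rather than Guile; it is not part of the original mail or of Guix. It measures the mode a directory has at the instant `mkdirat` returns, with and without the caller's bits. The function name `creation_mode`, the scratch path under `/tmp` and the umask of 022 are assumptions made for the demonstration.

```c
/* Added example, not Guix code; names, /tmp path and umask are assumed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create "target" in a scratch directory and return the permission bits it
   had right after mkdirat(), before any chmod.  use_bits == 0 models the old
   code (umask only), non-zero the patched code (BITS passed to mkdirat).
   *final_mode gets the mode after the follow-up fchmod(); -1 means error. */
mode_t creation_mode(mode_t bits, int use_bits, mode_t *final_mode)
{
    char scratch[] = "/tmp/mkdir-perms-XXXXXX";
    mode_t seen = (mode_t)-1;
    struct stat st;
    if (mkdtemp(scratch) == NULL)
        return seen;
    int root = open(scratch, O_RDONLY | O_DIRECTORY);
    mode_t old_umask = umask(022);
    if (root >= 0 && mkdirat(root, "target", use_bits ? bits : 0777) == 0) {
        int fd = openat(root, "target", O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        if (fd >= 0 && fstat(fd, &st) == 0) {
            seen = st.st_mode & 0777;   /* what other users could use */
            /* The umask only clears bits, so the exact mode is set after. */
            if (fchmod(fd, bits) == 0 && fstat(fd, &st) == 0)
                *final_mode = st.st_mode & 0777;
        }
        if (fd >= 0)
            close(fd);
        unlinkat(root, "target", AT_REMOVEDIR);
    }
    umask(old_umask);
    if (root >= 0)
        close(root);
    rmdir(scratch);
    return seen;
}

int main(void)
{
    mode_t final_mode = 0;
    mode_t before = creation_mode(0700, 0, &final_mode);
    mode_t after = creation_mode(0700, 1, &final_mode);
    printf("old: %04o at creation; patched: %04o at creation, %04o final\n",
           (unsigned)before, (unsigned)after, (unsigned)final_mode);
    return 0;
}
```

Passing the bits at creation gives an upper bound, not the exact mode: a request for 0775 under this umask still yields 0755 until the later `fchmod`, which is why the change of permissions afterward remains necessary.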