Date: Sun, 14 Feb 2021 18:19:05 +0100
From: Bengt Richter <bokr@bokr.com>
To: Maxime Devos <maximedevos@telenet.be>
Subject: Re: TOCTTOU race (was: Potential security weakness in Guix services)
Message-ID: <20210214171905.GA2887@LionPure>
Cc: guix-devel@gnu.org

Hi,

On +2021-02-14 13:29:29 +0100, Maxime Devos wrote:
> On Sat, 2021-02-06 at 22:26 +0100, Ludovic Courtès wrote:
> > 
> > [...]
> > I understand the TOCTTOU race.  However, activation code runs in two
> > situations: when booting the system (before shepherd takes over), and 
> > upon ‘guix system reconfigure’ completion.
> >

Until we have a guix jargon file and a
    guix gloss SEARCHARGS ...
convenience command, it is nice towards noobs to spell out
an abbreviation or acronym on first use ;-)

--8<---------------cut here---------------start------------->8---
Time-of-check to time-of-use

   From Wikipedia, the free encyclopedia
     (Redirected from TOCTTOU)

   In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU
   or TOC/TOU) is a class of software bugs caused by a race condition
   involving the checking of the state of a part of a system (such as a
   security credential) and the use of the results of that check.

   TOCTOU race conditions are common in Unix between operations on the
   file system,^[1] but can occur in other contexts, including local
   sockets and improper use of database transactions. In the early 1990s,
   the mail utility of BSD 4.3 UNIX had an exploitable race condition for
   temporary files because it used the mktemp()^[2] function.^[3] Early
   versions of OpenSSH had an exploitable race condition for Unix domain
   sockets.^[4] They remain a problem in modern systems; as of 2019, a
   TOCTOU race condition in Docker allows root access to the filesystem of
   the host platform.^[5]
--8<---------------cut here---------------end--------------->8---

[...snip...]
-- 
Regards,
Bengt Richter