Ludovic Courtès wrote on Sat 02-10-2021 at 12:22 [+0200]:
> +(define (find-file-in-parent-directories candidates) > + "Find one of CANDIDATES in the current directory or one of its ancestors." > + (let loop ((directory (getcwd))) > + (and (= (stat:uid (stat directory)) (getuid)) > + (or (any (lambda (candidate) > + (let ((candidate (string-append directory "/" candidate))) > + (and (file-exists? candidate) candidate))) > + candidates) > + (loop (string-append directory "/..")))))) ;Unix ".." resolution

I do not recommend this. What would happen if someone creates a temporary directory "/tmp/stuff" to do things in, to throw away later (setting permissions appropriately), tries to create a guix.scm in that directory but misspells it as, say, guix.sm, and runs "guix shell" from within /tmp/stuff?

Then find-file-in-parent-directories would load /tmp/guix.scm (possibly created by a local attacker, assuming a multi-user system) -- if it weren't for the (= (stat:uid (stat directory)) (getuid)).

Because of the (= (stat:uid ...) (getuid)), this attack method is not possible. However, it causes other issues. Now it isn't possible for two users (that trust each other) to set up a directory writable by both (e.g. with ACLs, or by making the directory group-writable and placing the two users in the same group), for working together, with a guix.scm usable by both.

These can be two users on the same machine, or remotely via something like NFS, or a single person having multiple user accounts used for different purposes. (I once created multiple user accounts on Debian: one regular purpose, one for reading and games, and one for school, and made the ‘for-reading’ and ‘school’ home directory readable by the ‘regular-purpose’ account. It was occasionally useful.)

Greetings,
Maxime.
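
Review bot: the loop in find-file-in-parent-directories has no explicit stop at the file system root; it recurses with (string-append directory "/..") and ends only when the (= (stat:uid (stat directory)) (getuid)) test fails. When "/" is owned by the calling user (for instance when the command is run as root), "/.." resolves to "/" again, the test keeps passing, and the path keeps growing until stat itself fails. Consider terminating explicitly at the root, for example by comparing the device and inode numbers of the directory with those of its parent, and say in the docstring that the search stops at the first directory not owned by the current user, since callers cannot tell that from "the current directory or one of its ancestors".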
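
The /tmp/stuff scenario from the message above, as an added Python sketch (not Guix code and not part of the original thread). The function name, the `owner_of` hook and the simulated ownership of the stand-in `tmp` directory are assumptions made so the example runs unprivileged in a scratch directory.

```python
import os
import tempfile

def find_in_trusted_ancestors(start, candidates, owner_of=None, uid=None):
    """Return the first of CANDIDATES found in START or an ancestor, or None.

    The walk stops at the first directory not owned by UID and at the root.
    """
    owner_of = owner_of or (lambda d: os.stat(d).st_uid)
    uid = os.getuid() if uid is None else uid
    directory = os.path.realpath(start)
    while True:
        if owner_of(directory) != uid:
            return None                      # foreign directory: stop here
        for name in candidates:
            path = os.path.join(directory, name)
            if os.path.isfile(path):
                return path
        parent = os.path.dirname(directory)
        if parent == directory:              # reached "/": stop explicitly
            return None
        directory = parent

def demo():
    """Constructed layout: 'tmp' stands in for /tmp, 'tmp/stuff' for /tmp/stuff."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as base:
        tmp = os.path.join(os.path.realpath(base), "tmp")
        stuff = os.path.join(tmp, "stuff")
        os.makedirs(stuff)
        open(os.path.join(stuff, "guix.sm"), "w").close()   # the misspelled file
        open(os.path.join(tmp, "guix.scm"), "w").close()    # file planted by someone else
        # Simulated ownership (assumption): 'tmp' belongs to another uid.
        simulated = lambda d: me + 1 if d == tmp else me
        # Without an ownership check, the planted file in the parent is picked up.
        no_check = find_in_trusted_ancestors(stuff, ["guix.scm"], owner_of=lambda d: me)
        # With the check, the walk stops at 'tmp' and nothing is loaded.
        checked = find_in_trusted_ancestors(stuff, ["guix.scm"], owner_of=simulated)
        return no_check == os.path.join(tmp, "guix.scm"), checked

if __name__ == "__main__":
    print(demo())
```

The same `None` result is what a second, trusted user gets in a group-writable directory owned by a colleague, which is the usability cost the message describes.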