[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
From: |
Ludovic Courtès |
Subject: |
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) |
Date: |
Wed, 16 Oct 2019 22:01:37 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Tobias Geerinckx-Rice <address@hidden> skribis:
> Ludovic Courtès 写道:
>> diff --git a/nix/libstore/local-store.cc
>> b/nix/libstore/local-store.cc
>> index 3b08492c64..3793382361 100644
>> --- a/nix/libstore/local-store.cc
>> +++ b/nix/libstore/local-store.cc
>> @@ -88,8 +88,9 @@ LocalStore::LocalStore(bool reserveSpace)
>> Path perUserDir = profilesDir + "/per-user";
>> createDirs(perUserDir);
>> - if (chmod(perUserDir.c_str(), 01777) == -1)
>> - throw SysError(format("could not set permissions on
>> '%1%' to 1777") % perUserDir);
>> + if (chmod(perUserDir.c_str(), 0755) == -1)
>> + throw SysError(format("could not set permissions on
>> '%1%' to 755")
>> + % perUserDir);
>> mode_t perm = 01775;
>
> This is inside
>
> if (getuid() == 0 && settings.buildUsersGroup != "") {
> …
> }
>
> It's not clear to me why the second condition here is relevant, but I
> don't have the big picture. Nor do I suspect I want it.
Yeah ‘settings.buildUsersGroup != ""’ probably doesn’t make all that
much sense here but it was already there and we strongly discourage
against root without ‘--build-users-group’ anyway.
Thanks for having lynx eyes! :-)
Ludo’.
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), (continued)
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Bengt Richter, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/18
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Bengt Richter, 2019/10/18
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix),
Ludovic Courtès <=
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Julien Lepiller, 2019/10/16