01/01: activation: Do not create setuid binaries in the store [security
From: Ludovic Courtès
Subject: 01/01: activation: Do not create setuid binaries in the store [security fix].
Date: Sun, 8 Oct 2017 15:31:38 -0400 (EDT)
civodul pushed a commit to branch master
in repository guix.
commit 5e66574a128937e7f2fcf146d146225703ccfd5d
Author: Ludovic Courtès <address@hidden>
Date: Sun Oct 8 21:25:32 2017 +0200
activation: Do not create setuid binaries in the store [security fix].
Fixes <https://bugs.gnu.org/28751>.
* gnu/build/activation.scm (activate-setuid-programs)[link-or-copy]: Remove.
Use 'copy-file' instead.
---
gnu/build/activation.scm | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 9c58370..6c0d603 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -353,24 +353,13 @@ they already exist."
;; Place where setuid programs are stored.
"/run/setuid-programs")
-(define (link-or-copy source target)
- "Attempt to make TARGET a hard link to SOURCE; if it fails, fall back to
-copy SOURCE to TARGET."
- (catch 'system-error
- (lambda ()
- (link source target))
- (lambda args
- ;; Perhaps SOURCE and TARGET live in a different file system, so copy
- ;; SOURCE.
- (copy-file source target))))
-
(define (activate-setuid-programs programs)
"Turn PROGRAMS, a list of file names, into setuid programs stored under
%SETUID-DIRECTORY."
(define (make-setuid-program prog)
(let ((target (string-append %setuid-directory
"/" (basename prog))))
- (link-or-copy prog target)
+ (copy-file prog target)
(chown target 0 0)
(chmod target #o6555)))
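Review bot: The `(copy-file prog target)` call in `make-setuid-program` should carry a comment saying why a hard link must not be used here. With the removed `link-or-copy`, TARGET shared an inode with PROG whenever `link` succeeded, so the following `(chown target 0 0)` and `(chmod target #o6555)` also changed the owner and mode of the file in the store. Without that comment the link looks like a harmless space optimization and could be reintroduced later. Separately, nothing in this hunk resets the mode of store files that the old code path already made setuid or setgid, so systems that ran it may need a one-time check of the store items named in PROGRAMS.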