[bug#55034] [PATCH 0/1] Let openssh trust /gnu/store
From: Ludovic Courtès
Subject: [bug#55034] [PATCH 0/1] Let openssh trust /gnu/store
Date: Wed, 20 Apr 2022 12:02:12 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
Alexey Abramov <levenson@mmer.org> wrote:
> + safe_path(const char *name, struct stat *stp, const char *pw_dir,
> + uid_t uid, char *err, size_t errlen)
> + {
> ++ static const char gnu_store[] = "/gnu/store";
> + char buf[PATH_MAX], homedir[PATH_MAX];
> + char *cp;
> + int comparehome = 0;
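Review bot: the added gnu_store declaration fixes the store location to the literal "/gnu/store" when the patch is written. Take the value from the build configuration instead (a placeholder substituted at package build time would do) so the check follows the configured store directory, and add a short comment saying what the constant is compared against.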
> +@@ -2178,6 +2179,10 @@ safe_path(const char *name, struct stat *stp, const
> char *pw_dir,
> + }
> + strlcpy(buf, cp, sizeof(buf));
> +
> ++ /* If are past the Guix /gnu/store then we can stop */
> ++ if (strcmp(gnu_store, buf) == 0)
> ++ break;
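Review bot: the comment over the added strcmp is missing a word ("If we are past ...") and does not document what the break gives up: it ends the walk, so nothing later in the loop runs for the store directory or for any further iteration. Say in the comment why that is acceptable for the store, and note that strcmp matches only when buf equals the store path exactly, so the early exit depends on the walk producing that exact string.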
We should not hard-code “/gnu/store” because it can be something else.
I think you can do like what ‘gcc-dl-cache.patch’ does: replace the
literal "/gnu/store" by @STORE_DIRECTORY@, and substitute it in a phase.
Also note that the strcmp above is incorrect: it would accept
/gnu/storesomethingelse. You probably need to add a trailing slash to
be sure.
Thanks,
Ludo’.
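The component-boundary concern behind the trailing-slash advice above, as an added example (not code from the patch, OpenSSH or Guix): a prefix test against the store directory has to end at a path separator. The function names are hypothetical, the store path is a parameter standing in for the substituted @STORE_DIRECTORY@ value, and paths are assumed to be already canonical (no ".." components or symlinks).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive check: plain prefix match that ignores component boundaries. */
static bool naive_in_store(const char *path, const char *store)
{
    return strncmp(path, store, strlen(store)) == 0;
}

/*
 * Boundary-aware check: true only if path is the store directory itself
 * or lies beneath it. Trailing slashes on store are ignored, so
 * "/gnu/store" and "/gnu/store/" name the same directory.
 */
static bool path_in_store(const char *path, const char *store)
{
    size_t n;

    if (path == NULL || store == NULL || store[0] != '/')
        return false;               /* require an absolute store path */
    n = strlen(store);
    while (n > 1 && store[n - 1] == '/')
        n--;                        /* drop trailing slashes, keep "/" */
    if (strncmp(path, store, n) != 0)
        return false;
    if (n == 1)
        return true;                /* store is "/": all absolute paths */
    /* The match must stop exactly at a component boundary. */
    return path[n] == '\0' || path[n] == '/';
}

int main(void)
{
    /* Constructed sample paths, not taken from a real system. */
    const char *samples[] = { "/gnu/store", "/gnu/store/abc-openssh/etc",
                              "/gnu/storesomethingelse", "/gnu" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-28s naive=%d boundary=%d\n", samples[i],
               naive_in_store(samples[i], "/gnu/store"),
               path_in_store(samples[i], "/gnu/store"));
    return 0;
}
```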