author | Maxime Devos <maximedevos@telenet.be> | 2021-03-30 22:36:14 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2021-04-03 22:08:34 +0200 |
commit | 2161820ebbbab62a5ce76c9101ebaec54dc61586 (patch) | |
tree | f70f3c4db96b6774adbe77ce39ed45885846d79b | |
parent | 222fff253c6c6a3d1def16ed90723d7f2c4f9b89 (diff) | |
download | guix-2161820ebbbab62a5ce76c9101ebaec54dc61586.tar.gz |
activation: Do not dereference symlinks during home directory creation.
Fixes <https://bugs.gnu.org/47584>. * gnu/build/activation.scm (copy-account-skeletons): Do not chown the home directory; leave this to 'activate-user-home'. (activate-user-home): Only chown the home directory after the account skeletons have been copied. Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
-rw-r--r-- | gnu/build/activation.scm | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 6cb6f8819b..2af1d44b5f 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -107,7 +107,8 @@ Warning: this is currently suspect to a TOCTTOU race!" (directory %skeleton-directory) uid gid) "Copy the account skeletons from DIRECTORY to HOME. When UID is an integer, -make it the owner of all the files created; likewise for GID." +make it the owner of all the files created except the home directory; likewise +for GID." (define (set-owner file) (when (or uid gid) (chown file (or uid -1) (or gid -1)))) @@ -115,7 +116,6 @@ make it the owner of all the files created; likewise for GID." (let ((files (scandir directory (negate dot-or-dot-dot?) string<?))) (mkdir-p home) - (set-owner home) (for-each (lambda (file) (let ((target (string-append home "/" file))) (copy-recursively (string-append directory "/" file) @@ -215,10 +215,15 @@ they already exist." (uid (passwd:uid pw)) (gid (passwd:gid pw))) (mkdir-p home) - (chown home uid gid) (chmod home #o700) (copy-account-skeletons home - #:uid uid #:gid gid)))))) + #:uid uid #:gid gid) + + ;; It is important 'chown' be called after + ;; 'copy-account-skeletons'. Otherwise, a malicious user with + ;; good timing could create a symlink in HOME that would be + ;; dereferenced by 'copy-account-skeletons'. + (chown home uid gid)))))) (for-each ensure-user-home users)) |
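Review bot: The revised docstring of copy-account-skeletons (first hunk) says the home directory is no longer chowned, but not what a caller must now guarantee for the copy to be safe. The comment added in activate-user-home states that a symlink placed in HOME would be dereferenced by this procedure, so the precondition belongs in the docstring as well. I would add a sentence such as `HOME must not be writable by UID, or by any other unprivileged user, until this procedure returns.` Other callers, if any exist, would then see the requirement without reading activate-user-home. The procedure body continues outside the hunk.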
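Review bot: In the last hunk, moving `chown` after `copy-account-skeletons` protects the copy only if `home` is a real directory that this call created and that root still owns. `mkdir-p` also succeeds silently on a path that already exists. The existence test that guards this code is outside the hunk, so there appears to be a window between that test and `mkdir-p`; it would matter only if the parent of `home` is writable by an unprivileged user. A cheap guard before the copy would be `(let ((st (lstat home))) (unless (and (eq? 'directory (stat:type st)) (zero? (stat:uid st))) (error "refusing to populate unexpected home directory" home)))`. Separately, the new comment could note that the final `chown` itself follows symlinks, so the same assumption about the parent directory applies to that call.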