diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2021-04-16 14:39:48 +0300 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2021-04-16 14:39:48 +0300 |
| commit | fcc39864dba82e14895afbe841091091366c96bc (patch) | |
| tree | 6e0f05495fd6512051224dc85fd3ab495cbf1a24 /gnu/build | |
| parent | 76fc36d0a7215979bb74c05840f5a4de4ab5ea93 (diff) | |
| parent | 44f9432705d04c069a8acf9e37e3ad856ac0bf82 (diff) | |
| download | guix-fcc39864dba82e14895afbe841091091366c96bc.tar.gz | |
Merge remote-tracking branch 'origin/master' into core-updates
Conflicts: gnu/local.mk gnu/packages/boost.scm gnu/packages/chez.scm gnu/packages/compression.scm gnu/packages/crates-io.scm gnu/packages/docbook.scm gnu/packages/engineering.scm gnu/packages/gcc.scm gnu/packages/gl.scm gnu/packages/gtk.scm gnu/packages/nettle.scm gnu/packages/python-check.scm gnu/packages/python-xyz.scm gnu/packages/radio.scm gnu/packages/rust.scm gnu/packages/sqlite.scm guix/build-system/node.scm
Diffstat (limited to 'gnu/build')
| -rw-r--r-- | gnu/build/activation.scm | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 6cb6f8819b..2af1d44b5f 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -107,7 +107,8 @@ Warning: this is currently suspect to a TOCTTOU race!" (directory %skeleton-directory) uid gid) "Copy the account skeletons from DIRECTORY to HOME. When UID is an integer, -make it the owner of all the files created; likewise for GID." +make it the owner of all the files created except the home directory; likewise +for GID." (define (set-owner file) (when (or uid gid) (chown file (or uid -1) (or gid -1)))) @@ -115,7 +116,6 @@ make it the owner of all the files created; likewise for GID." (let ((files (scandir directory (negate dot-or-dot-dot?) string<?))) (mkdir-p home) - (set-owner home) (for-each (lambda (file) (let ((target (string-append home "/" file))) (copy-recursively (string-append directory "/" file) @@ -215,10 +215,15 @@ they already exist." (uid (passwd:uid pw)) (gid (passwd:gid pw))) (mkdir-p home) - (chown home uid gid) (chmod home #o700) (copy-account-skeletons home - #:uid uid #:gid gid)))))) + #:uid uid #:gid gid) + + ;; It is important 'chown' be called after + ;; 'copy-account-skeletons'. Otherwise, a malicious user with + ;; good timing could create a symlink in HOME that would be + ;; dereferenced by 'copy-account-skeletons'. + (chown home uid gid)))))) (for-each ensure-user-home users)) |