From aa8de806252e3835d57fab351b02d13db762deac Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 9 Feb 2021 09:55:27 +0100 Subject: activation: Do not make setuid programs setgid-root [security]. Fixes . Reported by Duncan Overbruck . * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid. --- gnu/build/activation.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/build') diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 4b67926e88..b458aee4ae 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; ;;; This file is part of GNU Guix. @@ -234,7 +234,7 @@ they already exist." "/" (basename prog)))) (copy-file prog target) (chown target 0 0) - (chmod target #o6555))) + (chmod target #o4555))) (format #t "setting up setuid programs in '~a'...~%" %setuid-directory) -- cgit 1.4.1