bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From: Ludovic Courtès
Subject: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date: Wed, 16 Oct 2019 22:01:37 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) 
Tobias Geerinckx-Rice <address@hidden> skribis:

> Ludovic Courtès 写道:
>> diff --git a/nix/libstore/local-store.cc
>> b/nix/libstore/local-store.cc
>> index 3b08492c64..3793382361 100644
>> --- a/nix/libstore/local-store.cc
>> +++ b/nix/libstore/local-store.cc
>> @@ -88,8 +88,9 @@ LocalStore::LocalStore(bool reserveSpace)
>>           Path perUserDir = profilesDir + "/per-user";
>>          createDirs(perUserDir);
>> -        if (chmod(perUserDir.c_str(), 01777) == -1)
>> -            throw SysError(format("could not set permissions on
>> '%1%' to 1777") % perUserDir);
>> +        if (chmod(perUserDir.c_str(), 0755) == -1)
>> +            throw SysError(format("could not set permissions on
>> '%1%' to 755")
>> +                           % perUserDir);
>>           mode_t perm = 01775;
>
> This is inside
>
>  if (getuid() == 0 && settings.buildUsersGroup != "") {
>
>  }
>
> It's not clear to me why the second condition here is relevant, but I
> don't have the big picture.  Nor do I suspect I want it.

Yeah ‘settings.buildUsersGroup != ""’ probably doesn’t make all that
much sense here but it was already there and we strongly discourage
against root without ‘--build-users-group’ anyway.

Thanks for having lynx eyes!  :-)

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]