guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/07: git-authenticate: Ignore authenticated commit cache when it's not

From: guix-commits
Subject: 01/07: git-authenticate: Ignore authenticated commit cache when it's not #o600.
Date: Sun, 21 Jun 2020 11:40:18 -0400 (EDT) 
civodul pushed a commit to branch master
in repository guix.

commit 41939c374a3ef421d2d4c6453c327a9cd7af4ce5
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sun Jun 21 15:34:53 2020 +0200

    git-authenticate: Ignore authenticated commit cache when it's not #o600.
    
    * guix/git-authenticate.scm (previously-authenticated-commits): Stat
    PORT; return the empty list if it's no #o600 and change it to #o600.
---
 guix/git-authenticate.scm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 228d551..082c44e 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -306,7 +306,14 @@ IDs (hex strings)."
   (catch 'system-error
     (lambda ()
       (call-with-input-file (authenticated-commit-cache-file key)
-        read))
+        (lambda (port)
+          ;; If PORT has the wrong permissions, it might have been tampered
+          ;; with by another user so ignore its contents.
+          (if (= #o600 (stat:perms (stat port)))
+              (read port)
+              (begin
+                (chmod port #o600)
+                '())))))
     (lambda args
       (if (= ENOENT (system-error-errno args))
           '()
reply via email to
[Prev in Thread] Current Thread [Next in Thread]