03/04: activation: Do not dereference symlinks during home directory cre

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/04: activation: Do not dereference symlinks during home directory cre

From:	guix-commits
Subject:	03/04: activation: Do not dereference symlinks during home directory creation.
Date:	Sat, 3 Apr 2021 16:10:40 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 2161820ebbbab62a5ce76c9101ebaec54dc61586
Author: Maxime Devos <maximedevos@telenet.be>
AuthorDate: Tue Mar 30 22:36:14 2021 +0200

    activation: Do not dereference symlinks during home directory creation.
    
    Fixes <https://bugs.gnu.org/47584>.
    
    * gnu/build/activation.scm (copy-account-skeletons): Do not chown the
    home directory; leave this to 'activate-user-home'.
    (activate-user-home): Only chown the home directory after the account
    skeletons have been copied.
    
    Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
---
 gnu/build/activation.scm | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 6cb6f88..2af1d44 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -107,7 +107,8 @@ Warning: this is currently suspect to a TOCTTOU race!"
                                  (directory %skeleton-directory)
                                  uid gid)
   "Copy the account skeletons from DIRECTORY to HOME.  When UID is an integer,
-make it the owner of all the files created; likewise for GID."
+make it the owner of all the files created except the home directory; likewise
+for GID."
   (define (set-owner file)
     (when (or uid gid)
       (chown file (or uid -1) (or gid -1))))
@@ -115,7 +116,6 @@ make it the owner of all the files created; likewise for 
GID."
   (let ((files (scandir directory (negate dot-or-dot-dot?)
                         string<?)))
     (mkdir-p home)
-    (set-owner home)
     (for-each (lambda (file)
                 (let ((target (string-append home "/" file)))
                   (copy-recursively (string-append directory "/" file)
@@ -215,10 +215,15 @@ they already exist."
                  (uid (passwd:uid pw))
                  (gid (passwd:gid pw)))
             (mkdir-p home)
-            (chown home uid gid)
             (chmod home #o700)
             (copy-account-skeletons home
-                                    #:uid uid #:gid gid))))))
+                                    #:uid uid #:gid gid)
+
+            ;; It is important 'chown' be called after
+            ;; 'copy-account-skeletons'.  Otherwise, a malicious user with
+            ;; good timing could create a symlink in HOME that would be
+            ;; dereferenced by 'copy-account-skeletons'.
+            (chown home uid gid))))))
 
   (for-each ensure-user-home users))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (b495254 -> 72f911b), guix-commits, 2021/04/03
- 02/04: daemon: Remove dead code., guix-commits, 2021/04/03
- 01/04: services: guix-publish: Add zstd compression by default., guix-commits, 2021/04/03
- 03/04: activation: Do not dereference symlinks during home directory creation., guix-commits <=
- 04/04: news: Add entry for user account activation vulnerability., guix-commits, 2021/04/03

Prev by Date: 01/04: services: guix-publish: Add zstd compression by default.
Next by Date: 04/04: news: Add entry for user account activation vulnerability.
Previous by thread: 01/04: services: guix-publish: Add zstd compression by default.
Next by thread: 04/04: news: Add entry for user account activation vulnerability.
Index(es):
- Date
- Thread