aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaxime Devos <maximedevos@telenet.be>2021-03-30 22:36:14 +0200
committerLudovic Courtès <ludo@gnu.org>2021-04-03 22:08:34 +0200
commit2161820ebbbab62a5ce76c9101ebaec54dc61586 (patch)
treef70f3c4db96b6774adbe77ce39ed45885846d79b
parent222fff253c6c6a3d1def16ed90723d7f2c4f9b89 (diff)
downloadguix-2161820ebbbab62a5ce76c9101ebaec54dc61586.tar.gz
guix-2161820ebbbab62a5ce76c9101ebaec54dc61586.zip
activation: Do not dereference symlinks during home directory creation.
Fixes <https://bugs.gnu.org/47584>. * gnu/build/activation.scm (copy-account-skeletons): Do not chown the home directory; leave this to 'activate-user-home'. (activate-user-home): Only chown the home directory after the account skeletons have been copied. Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
-rw-r--r--gnu/build/activation.scm13
1 files changed, 9 insertions, 4 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 6cb6f8819b..2af1d44b5f 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -107,7 +107,8 @@ Warning: this is currently suspect to a TOCTTOU race!"
(directory %skeleton-directory)
uid gid)
"Copy the account skeletons from DIRECTORY to HOME. When UID is an integer,
-make it the owner of all the files created; likewise for GID."
+make it the owner of all the files created except the home directory; likewise
+for GID."
(define (set-owner file)
(when (or uid gid)
(chown file (or uid -1) (or gid -1))))
@@ -115,7 +116,6 @@ make it the owner of all the files created; likewise for GID."
(let ((files (scandir directory (negate dot-or-dot-dot?)
string<?)))
(mkdir-p home)
- (set-owner home)
(for-each (lambda (file)
(let ((target (string-append home "/" file)))
(copy-recursively (string-append directory "/" file)
@@ -215,10 +215,15 @@ they already exist."
(uid (passwd:uid pw))
(gid (passwd:gid pw)))
(mkdir-p home)
- (chown home uid gid)
(chmod home #o700)
(copy-account-skeletons home
- #:uid uid #:gid gid))))))
+ #:uid uid #:gid gid)
+
+ ;; It is important 'chown' be called after
+ ;; 'copy-account-skeletons'. Otherwise, a malicious user with
+ ;; good timing could create a symlink in HOME that would be
+ ;; dereferenced by 'copy-account-skeletons'.
+ (chown home uid gid))))))
(for-each ensure-user-home users))