ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-25 20:19:18 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

activation: Do not make setuid programs setgid-root [security].

Browse source 
Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.

* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.
This commit is contained in:
Ludovic Courtès 2021-02-09 09:55:27 +01:00
parent 91911b9382
commit aa8de80625
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
gnu/build/activation.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
@ -234,7 +234,7 @@ (define (make-setuid-program prog)
"/" (basename prog)))) "/" (basename prog))))
(copy-file prog target) (copy-file prog target)
(chown target 0 0) (chown target 0 0)
(chmod target #o6555))) (chmod target #o4555)))
(format #t "setting up setuid programs in '~a'...~%" (format #t "setting up setuid programs in '~a'...~%"
%setuid-directory) %setuid-directory)