guix/gnu/services at 495a68e8e53b5f72c370c8a58a3ec5df892b17cb - ryan77627/guix

mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-18 12:47:33 -05:00

History

Maxime Devos 520bac7ed0 services: Prevent following symlinks during activation. This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>		2021-03-10 18:01:47 +01:00
..
admin.scm
audio.scm
auditd.scm
authentication.scm	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
avahi.scm
base.scm
certbot.scm
cgit.scm
configuration.scm
cuirass.scm	services: cuirass: Remove simple cuirass configuration.	2021-03-10 09:05:02 +01:00
cups.scm	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
databases.scm	services: postgresql-roles: Fix race condition.	2021-02-23 11:00:18 +01:00
dbus.scm	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
desktop.scm
dict.scm
dns.scm	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
docker.scm
file-sharing.scm	services: Add transmission-daemon service.	2021-02-12 15:11:36 +08:00
games.scm
ganeti.scm
getmail.scm
guix.scm	services: guix-build-coordinator: Add dynamic auth with file record.	2021-03-05 09:29:58 +00:00
herd.scm
hurd.scm
kerberos.scm
linux.scm	gnu: Remove 'file-systems requirement from kernel-module-loader.	2021-02-08 03:34:40 +01:00
lirc.scm
mail.scm
mcron.scm
messaging.scm
monitoring.scm
networking.scm	services: tor: Add control-socket? option.	2021-02-22 10:03:02 -05:00
nfs.scm
nix.scm
pam-mount.scm
pm.scm
rsync.scm
science.scm
sddm.scm
security-token.scm
shepherd.scm	services: shepherd: Make 'assert-valid-graph' public.	2021-03-03 14:19:26 +01:00
sound.scm
spice.scm
ssh.scm
syncthing.scm
sysctl.scm
telephony.scm
version-control.scm
virtualization.scm
vpn.scm	services: wireguard: New service.	2021-02-17 10:32:15 +01:00
web.scm	services: Add Agate Gemini service.	2021-02-15 13:35:04 +01:00
xorg.scm	services: Add 'xorg-server-service-type'.	2021-02-11 17:01:43 +08:00