Maxime Devos 520bac7ed0 services: Prevent following symlinks during activation. ... This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>		2021-03-10 18:01:47 +01:00
..
bootloader
build	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
installer
machine	machine: ssh: Use 'formatted-message'.	2021-02-25 11:29:35 +01:00
packages	gnu: hwloc: Update to 2.4.1.	2021-03-10 18:01:47 +01:00
services	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
system	system: vm: Use Guile 3.0 in Docker images.	2021-02-25 11:29:35 +01:00
tests	tests: cuirass: Remove cuirass simple test.	2021-03-10 09:37:48 +01:00
artwork.scm
bootloader.scm
ci.scm	ci: Remove hydra support.	2021-03-10 08:49:48 +01:00
image.scm	image: Export image? procedure.	2021-02-17 10:55:36 +01:00
installer.scm
local.mk	gnu: mongodb: Update to 3.4.24 [security fixes].	2021-03-10 13:03:12 +01:00
machine.scm
packages.scm
services.scm	gnu: services: Add activate script to the profile system directory.	2021-03-09 06:56:12 +01:00
system.scm
tests.scm	tests: Export %simple-os.	2021-02-19 20:10:08 +01:00