From patchwork Fri Oct 25 06:48:03 2024
X-Patchwork-Submitter: Reepca Russelstein
X-Patchwork-Id: 69437
Subject: [bug#74002] [PATCH] create directory with specified permissions in mkdir-p/perms
To: 74002@debbugs.gnu.org
Date: Fri, 25 Oct 2024 01:48:03 -0500
Message-ID: <87y12che58.fsf@russelstein.xyz>
From: Reepca Russelstein

mkdir-p/perms in (gnu build activation) currently first creates the target directory with its permissions restricted solely by umask, then changes the permissions afterward. This leaves a window during which it is possible that read and/or execute bits for untrusted users may be set on the target directory.

By changing it so that the directory, if it is created, is created with no more permissions than the caller specified, we can be confident that if the directory didn't already exist - for example because it was deliberately deleted in advance - it at no point was more accessible than intended.

- reepca

From 736515a6e2e0e403c076c74b3019b69518a6bc9e Mon Sep 17 00:00:00 2001
From: Reepca Russelstein Date: Fri, 25 Oct 2024 01:04:48 -0500 Subject: [PATCH] gnu: build: create directory with specified perms in mkdir-p/perms. There is currently a window of time between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask. Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window. We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory. * gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions. Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383 --- gnu/build/activation.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index d1a2876..a450578 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -113,7 +113,9 @@ (define open-flags (logior O_CLOEXEC ; don't pass the port on to subprocesses ;; If not, create it. (catch 'system-error (lambda _ - (mkdirat root head)) + (if (null? tail) + (mkdirat root head bits) + (mkdirat root head))) (lambda args ;; Someone else created the directory. Unexpected but fine. (unless (= EEXIST (system-error-errno args)) -- 2.45.2
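Review bot: The new `(if (null? tail) ...)` branch in mkdir-p/perms has no comment saying why BITS is passed only for the last component, while intermediate directories still go through `(mkdirat root head)` and stay limited by the umask alone; a short comment at the `if` stating that this is intentional would save the next reader from guessing. Two further points belong in that comment or the docstring. The mode given to 'mkdirat' is itself filtered by the umask, so the directory can start out with fewer bits than BITS and the later permission change is still needed to reach them exactly. And when the handler takes the EEXIST path ("Someone else created the directory. Unexpected but fine."), the target was not created by this call, so the "never more accessible than intended" property from the commit message holds only when the create succeeds.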