[bug#47013,v4] gnu: Harden filesystem links.

Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id C4DCE27BC55; Wed, 17 Mar 2021 02:15:22 +0000 (GMT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,
	T_DKIM_INVALID,URIBL_BLOCKED autolearn=unavailable autolearn_force=no
	version=3.4.2
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id DE08227BC56
	for <patchwork@mira.cbaines.net>; Wed, 17 Mar 2021 02:15:20 +0000 (GMT)
Received: from localhost ([::1]:43698 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>)
	id 1lMLiS-0001MC-2U
	for patchwork@mira.cbaines.net; Tue, 16 Mar 2021 22:15:20 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:56480)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lMLiB-0001M2-3F
 for guix-patches@gnu.org; Tue, 16 Mar 2021 22:15:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:58253)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lMLiA-0004qN-AP
 for guix-patches@gnu.org; Tue, 16 Mar 2021 22:15:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1lMLiA-0002ZC-5E
 for guix-patches@gnu.org; Tue, 16 Mar 2021 22:15:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#47013] [PATCH v4] gnu: Harden filesystem links.
Resent-From: Leo Famulari <leo@famulari.name>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 17 Mar 2021 02:15:02 +0000
Resent-Message-ID: <handler.47013.B47013.16159472549798@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47013
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 47013@debbugs.gnu.org
Received: via spool by 47013-submit@debbugs.gnu.org id=B47013.16159472549798
 (code B ref 47013); Wed, 17 Mar 2021 02:15:02 +0000
Received: (at 47013) by debbugs.gnu.org; 17 Mar 2021 02:14:14 +0000
Received: from localhost ([127.0.0.1]:41566 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1lMLhO-0002Xx-8d
 for submit@debbugs.gnu.org; Tue, 16 Mar 2021 22:14:14 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:53095)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lMLhI-0002Xg-M0
 for 47013@debbugs.gnu.org; Tue, 16 Mar 2021 22:14:12 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id A95615C009F;
 Tue, 16 Mar 2021 22:14:02 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute3.internal (MEProxy); Tue, 16 Mar 2021 22:14:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=rim2so16K+D3evYqzCGcB4WS
 IAAS1qyVgrndCDQCAKg=; b=k6uPxZzUAIBi3yj/Vte8JNHaXd7byJzbq6AywtpC
 lEuYj7CPTHzG5IlRtbTFKe8ocbuFBP94D2mN4R5f4l2AC5zAA58CN9daYrwsnHi/
 kxVYF/YIBZZr8j3HPuTS+8eSfTxZ8QmoIJvL9anX0qoNjaVdH+jCEqPMnkklCigN
 mFs=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=rim2so
 16K+D3evYqzCGcB4WSIAAS1qyVgrndCDQCAKg=; b=MnosfO9lvleRKTEW2TXTfP
 Zra1Sgc0T6IjHnbgtNYvTMKzddjBni1Q3rZHxlUl5dc/f2Fhg0dLkxE9EosRf0H9
 qcC37uxMi/ph5g6DOIfOCnkB6mZS8virINl8A6FvMh7AfonTbTPstoAFvMRrRZnk
 aZiab6cSRnmlqCtfH7jA+5qjavZeVSpu8Tz0R7aYrEnpNCS0DvYpiJDRUzqmOyX5
 NgOVTm6ypkAZDneXKkYsjfyL2Shf8ozr8NOZhPnm6me7xg+YZhZc0beiWtTJwbah
 cXcibmL3UwvuJrZdul+g1OiBO3XDy57UQQz7BrmgvTiSUPgBnDb0UwKmvukFuT7w
 ==
X-ME-Sender: <xms:6mVRYNqFVDI3zGbscY0WLUlaLdvDwxJ_ieHr3NXSzcGlaXIdY5EIeg>
 <xme:6mVRYPr1LBckS8gyjn_fVDX_Q5ABk_RbaNj7Z345tXScK56JTkri2VIMm4iLId8_V
 5ubOGZNWQUDYOAs3w>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeduledrudeffedggedtucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfffhvffukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefnvghoucfh
 rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth
 gvrhhnpedukeevgeetkeeltefgiedtjefgjeekffduteehvdfhueekudelieekjeefheff
 teenucfkphepuddttddruddurdduieelrdduudeknecuvehluhhsthgvrhfuihiivgeptd
 enucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:6mVRYKOv-8jVgGm1aKkm3vVM00cWll801dhuXUnPb0iMhCJJl052Sg>
 <xmx:6mVRYI6mHTzTysoHz8x1SNxzhkvgzLryHj33FdxEUqKXvc0cEOpNFA>
 <xmx:6mVRYM5CbyeC6763F3yDAy3F7-jF-WEmPoeVfQbw5M-smW8PlJ9OGQ>
 <xmx:6mVRYBUueCxJ0aeIukaiOxtCqPyXjzIeliJk4U3jqToN2_EPBSYbAw>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 44CDA1080064;
 Tue, 16 Mar 2021 22:14:02 -0400 (EDT)
Date: Tue, 16 Mar 2021 22:14:00 -0400
From: Leo Famulari <leo@famulari.name>
Message-ID: <YFFl6C4hBQTLBXNO@jasmine.lan>
References: <YEvlv7v2LawKE0rF@jasmine.lan> <YEvwaTcZTyzk8O/U@jasmine.lan>
 <8735wu7nf9.fsf_-_@gnu.org> <YFFTXPcse7S9w8Q4@jasmine.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="+PUZ9BqJW7C7bVoS"
Content-Disposition: inline
In-Reply-To: <YFFTXPcse7S9w8Q4@jasmine.lan>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-getmail-retrieved-from-mailbox: Patches