bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From:	Tobias Geerinckx-Rice
Subject:	bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date:	Wed, 16 Oct 2019 16:12:50 +0200

Ludo',

That was swift, thanks!

IANAC++.

Ludovic Courtès 写道：

diff --git a/nix/libstore/local-store.ccb/nix/libstore/local-store.cc
index 3b08492c64..3793382361 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -88,8 +88,9 @@ LocalStore::LocalStore(bool reserveSpace)
Path perUserDir = profilesDir + "/per-user";
         createDirs(perUserDir);
-        if (chmod(perUserDir.c_str(), 01777) == -1)
- throw SysError(format("could not set permissions on'%1%' to 1777") % perUserDir);
+        if (chmod(perUserDir.c_str(), 0755) == -1)
+ throw SysError(format("could not set permissions on'%1%' to 755")
+                           % perUserDir);
mode_t perm = 01775;


This is inside

 if (getuid() == 0 && settings.buildUsersGroup != "") {
   …
 }

It's not clear to me why the second condition here is relevant,but I don't have the big picture. Nor do I suspect I want it.


Kind regards,

T G-R

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), (continued)

Prev by Date: bug#37775: Python 2.7 not configured for Tk
Next by Date: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Previous by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Next by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Index(es):
- Date
- Thread