From: Tobias Geerinckx-Rice
To: Ludovic Courtès
Cc: 37744@debbugs.gnu.org, guix-security@gnu.org
Subject: Re: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date: Wed, 16 Oct 2019 16:12:50 +0200
Message-ID: <87imoook2l.fsf@nckx>

Ludo',

That was swift, thanks! IANAC++.

Ludovic Courtès wrote:

> diff --git a/nix/libstore/local-store.cc=20 > b/nix/libstore/local-store.cc > index 3b08492c64..3793382361 100644 > --- a/nix/libstore/local-store.cc > +++ b/nix/libstore/local-store.cc 
> @@ -88,8 +88,9 @@ LocalStore::LocalStore(bool reserveSpace) >=20=20 > Path perUserDir =3D profilesDir + "/per-user"; > createDirs(perUserDir); > - if (chmod(perUserDir.c_str(), 01777) =3D=3D -1) > - throw SysError(format("could not set permissions on=20 > '%1%' to 1777") % perUserDir); > + if (chmod(perUserDir.c_str(), 0755) =3D=3D -1) > + throw SysError(format("could not set permissions on=20 > '%1%' to 755") > + % perUserDir); >=20=20 > mode_t perm =3D 01775;

This is inside

  if (getuid() == 0 && settings.buildUsersGroup != "") { … }

It's not clear to me why the second condition here is relevant, but I don't have the big picture. Nor do I suspect I want it.

Kind regards,

T G-R
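
Review bot: The chmod on perUserDir in this hunk sits, as the reply points out, inside `if (getuid() == 0 && settings.buildUsersGroup != "")`, so the move from 01777 to 0755 is applied only when the daemon runs as root with a build users group configured; otherwise an existing per-user directory is left at whatever mode it already has. Consider moving the chmod out of the buildUsersGroup condition, or add a comment saying why it belongs there. The call also changes only the mode of perUserDir itself, and nothing in the hunk checks the owner of entries that already exist beneath it, so directories created while it was world-writable stay as they are; an ownership check on existing entries would cover that.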