mirror/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2025-01-20 14:47:20 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix/tests
History
Ludovic Courtès 81c580c866
daemon: Make 'profiles/per-user' non-world-writable. 
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.

Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.

* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter.  Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
2019-10-16 22:53:40 +02:00
..
accounts.scm
base16.scm
base32.scm
base64.scm
bournish.scm
build-utils.scm
builders.scm
cache.scm
challenge.scm
channels.scm
combinators.scm
containers.scm
cpan.scm
cpio.scm
cran.scm
crate.scm
cve-sample.xml
cve.scm
debug-link.scm
derivations.scm
discovery.scm
elpa.scm
file-systems.scm
gem.scm
gexp.scm
git.scm
glob.scm
gnu-maintenance.scm
grafts.scm
graph.scm
gremlin.scm
guix-archive.sh
guix-authenticate.sh
guix-build-branch.sh
guix-build.sh
guix-daemon.sh
guix-describe.sh
guix-download.sh
guix-environment-container.sh
guix-environment.sh
guix-gc.sh
guix-graph.sh
guix-hash.sh
guix-lint.sh
guix-pack-localstatedir.sh
guix-pack-relocatable.sh
guix-pack.sh
guix-package-aliases.sh
guix-package-net.sh
guix-package.sh
guix-system.sh
hackage.scm
import-utils.scm
inferior.scm
lint.scm
lzlib.scm
modules.scm
monads.scm
nar.scm
networking.scm
opam.scm
pack.scm
packages.scm
pki.scm
print.scm
processes.scm
profiles.scm
publish.scm
pypi.scm
records.scm
scripts-build.scm
scripts.scm
search-paths.scm
services.scm
sets.scm
signing-key.pub
signing-key.sec
size.scm
snix.scm
status.scm
store-database.scm
store-deduplication.scm
store-roots.scm
store.scm
substitute.scm
swh.scm
syscalls.scm
system.scm
test.drv
texlive.scm
ui.scm
union.scm
upstream.scm
utils.scm
uuid.scm
workers.scm
zlib.scm