[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#50960] [PATCH 04/10] DRAFT shell: By default load the local 'guix.s
|
From: |
Maxime Devos |
|
Subject: |
[bug#50960] [PATCH 04/10] DRAFT shell: By default load the local 'guix.scm' or 'manifest.scm' file. |
|
Date: |
Sat, 02 Oct 2021 16:15:21 +0200 |
|
User-agent: |
Evolution 3.34.2 |
Ludovic Courtès schreef op za 02-10-2021 om 12:22 [+0200]:
> +(define (find-file-in-parent-directories candidates)
> + "Find one of CANDIDATES in the current directory or one of its ancestors."
> + (let loop ((directory (getcwd)))
> + (and (= (stat:uid (stat directory)) (getuid))
> + (or (any (lambda (candidate)
> + (let ((candidate (string-append directory "/"
> candidate)))
> + (and (file-exists? candidate) candidate)))
> + candidates)
> + (loop (string-append directory "/..")))))) ;Unix ".." resolution
I do not recommend this. What would happen if someone creates a temporary
directory
"/tmp/stuff" do things in to throw away later (setting permissions
appropriately),
tries to create a guix.scm in that directory but misspells it as, say, guix.sm,
and runs
"guix shell" from within /tmp/stuff? Then find-file-in-parent-directories would
load /tmp/guix.scm (possibly created by a local attacker, assuming a multi-user
system),
-- if it weren't for the (= (stat:uid (stat directory)) (getuid)).
Because of the (= (stat:uid ...) (getuid)), this attack method is not possible.
However, it causes other issues. Now it isn't possible for two users (that
trust
each other), to set up a directory writable by both (e.g. with ACLs, or by
making
the directory group-writable and placing the two users in the same group), for
working together, with a guix.scm usable by both.
These can be two users on the same machine, or remotely via something like NFS,
or a single person having multiple user accounts used for different purposes.
(I once created multiple user accounts on Debian: one regular purpose, one for
reading
and games, and one for school, and made the ‘for-reading’ and ‘school’ home
directory
readable by the ‘regular-purpose’ account. It was occasionally useful.)
Greetings,
Maxime.
signature.asc
Description: This is a digitally signed message part
[bug#50960] [PATCH 06/10] environment: Skip derivation computation when '--profile' is used., Ludovic Courtès, 2021/10/02
[bug#50960] [PATCH 08/10] environment: Autoload some modules., Ludovic Courtès, 2021/10/02
[bug#50960] [PATCH 05/10] environment: Add tests for '--profile'., Ludovic Courtès, 2021/10/02
[bug#50960] [PATCH 07/10] environment: Do not connect to the daemon when '--profile' is used., Ludovic Courtès, 2021/10/02
[bug#50960] [PATCH 10/10] shell: Maintain a profile cache., Ludovic Courtès, 2021/10/02