amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix-mirrors/nix
History
Ludovic Courtès 0e79d5b655
daemon: Protect ‘copyFileRecursively’ from race conditions. 
Previously, if an attacker managed to introduce a hard link or a symlink
on one of the destination file names before it is opened,
‘copyFileRecursively’ would overwrite the symlink’s target or the hard
link’s content.

This kind of attack could be carried out while guix-daemon is copying
the output or the chroot directory of a failed fixed-output derivation
build, possibly allowing the attacker to escalate to the privileges of
the build user.

* nix/libutil/util.cc (copyFileRecursively): In the ‘S_ISREG’ case, open
‘destination’ with O_NOFOLLOW | O_EXCL.  In the ‘S_ISDIR’ case, open
‘destination’ with O_NOFOLLOW.

Reported-by: Reepca Russelstein <reepca@russelstein.xyz>
Change-Id: I94273efe4e92c1a4270a98c5ec47bd098e9227c9
Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
2025-06-24 10:07:59 -04:00
..
boost
libstore daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00
libutil daemon: Protect ‘copyFileRecursively’ from race conditions. 2025-06-24 10:07:59 -04:00
nix-daemon daemon: Use slirp4netns to provide networking to fixed-output derivations. 2025-06-24 10:07:57 -04:00
.gitignore
AUTHORS
COPYING
local.mk daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00