guix-mirrors/nix/libutil
Ludovic Courtès 0e79d5b655
daemon: Protect ‘copyFileRecursively’ from race conditions.
Previously, if an attacker managed to introduce a hard link or a symlink
on one of the destination file names before it is opened,
‘copyFileRecursively’ would overwrite the symlink’s target or the hard
link’s content.

This kind of attack could be carried out while guix-daemon is copying
the output or the chroot directory of a failed fixed-output derivation
build, possibly allowing the attacker to escalate to the privileges of
the build user.

* nix/libutil/util.cc (copyFileRecursively): In the ‘S_ISREG’ case, open
‘destination’ with O_NOFOLLOW | O_EXCL.  In the ‘S_ISDIR’ case, open
‘destination’ with O_NOFOLLOW.

Reported-by: Reepca Russelstein <reepca@russelstein.xyz>
Change-Id: I94273efe4e92c1a4270a98c5ec47bd098e9227c9
Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
2025-06-24 10:07:59 -04:00
affinity.cc
affinity.hh
archive.cc
archive.hh
hash.cc daemon: Improve error message for wrong hash sizes. 2023-01-09 17:40:54 +01:00
hash.hh
seccomp.cc daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00
seccomp.hh daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00
serialise.cc daemon: Remove ‘foreach’ and ‘foreach_reverse’ 2025-06-09 22:05:13 +02:00
serialise.hh
spawn.cc daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00
spawn.hh daemon: add seccomp filter for slirp4netns. 2025-06-24 10:07:58 -04:00
types.hh daemon: Remove ‘singleton’ and replace ‘typedef’ with ‘using’ in ‘types.hh’ 2025-06-03 15:09:55 +02:00
util.cc daemon: Protect ‘copyFileRecursively’ from race conditions. 2025-06-24 10:07:59 -04:00
util.hh daemon: Use slirp4netns to provide networking to fixed-output derivations. 2025-06-24 10:07:57 -04:00