Xinglu Chen wrote on Sun 06-06-2021 at 14:51 [+0200]:
> [ This was reported on the Nixpkgs bug tracker a few weeks ago
>   <https://github.com/NixOS/nixpkgs/issues/121293> ]
>
> When doing something like
>
>   (call-with-output-file FILE
>     (lambda (port)
>       (display SECRET port)))
>   (chmod FILE #o400)
>
> an unprivileged user could open FILE before FILE had been chmod’ed, and
> then read the contents of FILE.
>
> One solution to this problem would be to use
>
>   (mkdir (dirname FILE) #o400)
>
> before writing SECRET to FILE.
Alternatively, a variant of call-with-output-file
could be defined that has a #:perms argument.
This new procedure, let's call it call-with-output-file*,
could create a file with the right permissions with

  (open "/etc/...-secret" (bitwise-ior O_WRONLY O_CREAT) #o400)

or something like that.
Then the vulnerable code above would become ...

  (call-with-output-file* FILE
    (lambda (port)
      (display SECRET port))
    #:perms #o400)

This seems a bit easier to use to me!
No need to worry if changing the permissions of the parent
directory would break anything this way.
Greetings,
Maxime.
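As an added example (not code from this thread, nor from Guix or Guile), here is one way the call-with-output-file* sketched in the reply above could be written in Guile, together with a check that the permission bits are in place from the moment the file exists. The procedure name and the #:perms keyword are taken from the proposal; the O_EXCL flag, the write-secret-and-check helper and the temporary file name are assumptions added here. Note that the mode passed to open is still subject to the process umask, which can only remove bits, never add them.

```scheme
;; Added example, not code from the thread or from Guix.  The file is
;; created with PERMS in the same open(2) call that creates it, so there is
;; no window between creation and a later chmod in which another user could
;; open it.  O_EXCL (an addition to the proposal) makes the call fail instead
;; of reusing a file, or following a symlink, that was already placed at FILE.

(define* (call-with-output-file* file proc #:key (perms #o600))
  "Create FILE with permission bits PERMS (further restricted by the umask),
call PROC with an output port on it, and close the port afterwards."
  (let ((port (open file (logior O_WRONLY O_CREAT O_EXCL) perms)))
    (dynamic-wind
      (const #t)
      (lambda () (proc port))
      (lambda () (close-port port)))))

;; Self-check (hypothetical helper): write a constructed secret and confirm
;; that the permission bits stat(2) reports are exactly the requested ones.
(define (write-secret-and-check file secret perms)
  (call-with-output-file* file
    (lambda (port) (display secret port))
    #:perms perms)
  (= (stat:perms (stat file)) perms))

;; Usage: a constructed secret written to a per-process temporary file.
(let ((file (string-append (or (getenv "TMPDIR") "/tmp")
                           "/example-secret-" (number->string (getpid)))))
  (if (write-secret-and-check file "constructed-secret-value\n" #o400)
      (display "permission bits correct from creation onward\n")
      (display "unexpected permission bits\n"))
  (delete-file file))
```

Because of O_EXCL, a caller that legitimately needs to overwrite an existing secret must remove the old file (or write to a fresh name and rename over it) rather than rely on O_TRUNC; that is the trade-off for refusing to open whatever happened to be at FILE beforehand.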
