civodul pushed a commit to branch master
in repository guix.
commit 41939c374a3ef421d2d4c6453c327a9cd7af4ce5
Author: Ludovic Courtès <[email protected]>
AuthorDate: Sun Jun 21 15:34:53 2020 +0200
git-authenticate: Ignore authenticated commit cache when it's not #o600.
* guix/git-authenticate.scm (previously-authenticated-commits): Stat
PORT; return the empty list if it's no #o600 and change it to #o600.
---
guix/git-authenticate.scm | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 228d551..082c44e 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -306,7 +306,14 @@ IDs (hex strings)."
(catch 'system-error
(lambda ()
(call-with-input-file (authenticated-commit-cache-file key)
- read))
+ (lambda (port)
+ ;; If PORT has the wrong permissions, it might have been tampered
+ ;; with by another user so ignore its contents.
+ (if (= #o600 (stat:perms (stat port)))
+ (read port)
+ (begin
+ (chmod port #o600)
+ '())))))
(lambda args
(if (= ENOENT (system-error-errno args))
'()
