~ruther/guix-local: activation: Do not create setuid binaries in the store [security fix].

5e66574a128937e7f2fcf146d146225703ccfd5d — Ludovic Courtès 8 years ago d265169

activation: Do not create setuid binaries in the store [security fix].

Fixes <https://bugs.gnu.org/28751>.

* gnu/build/activation.scm (activate-setuid-programs)[link-or-copy]: Remove.
Use 'copy-file' instead.

patch browse .tar.gz

1 files changed, 1 insertions(+), 12 deletions(-)

M gnu/build/activation.scm

M gnu/build/activation.scm => gnu/build/activation.scm +1 -12

@@ 353,24 353,13 @@ they already exist."
   ;; Place where setuid programs are stored.
   "/run/setuid-programs")
 
-(define (link-or-copy source target)
-  "Attempt to make TARGET a hard link to SOURCE; if it fails, fall back to
-copy SOURCE to TARGET."
-  (catch 'system-error
-    (lambda ()
-      (link source target))
-    (lambda args
-      ;; Perhaps SOURCE and TARGET live in a different file system, so copy
-      ;; SOURCE.
-      (copy-file source target))))
-
 (define (activate-setuid-programs programs)
   "Turn PROGRAMS, a list of file names, into setuid programs stored under
 %SETUID-DIRECTORY."
   (define (make-setuid-program prog)
     (let ((target (string-append %setuid-directory
                                  "/" (basename prog))))
-      (link-or-copy prog target)
+      (copy-file prog target)
       (chown target 0 0)
       (chmod target #o6555)))