From 0d85bbd42ddcd442864a9ba4719aca8b70d68048 Mon Sep 17 00:00:00 2001
From: Alexey Abramov <levenson@mmer.org>
Date: Fri, 22 Apr 2022 11:32:15 +0200
Subject: [PATCH] Trust guix store directory
To be able to execute binaries defined in OpenSSH configuration, we need to
tell OpenSSH that we can trust Guix store objects. safe_path procedure is
patched to assume files in Guix store to be safe. Additionally configuration
file placed in Guix store is assumed to be safe to load.
---
misc.c | 6 ++++++
readconf.c | 7 ++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/misc.c b/misc.c
index dd0bd032a..6b866464c 100644
--- a/misc.c
+++ b/misc.c
@@ -2271,6 +2271,7 @@
safe_path(const char *name, struct stat *stp, const char *pw_dir,
uid_t uid, char *err, size_t errlen)
{
+ static const char guix_store[] = @STORE_DIRECTORY@;
char buf[PATH_MAX], buf2[PATH_MAX], homedir[PATH_MAX];
char *cp;
int comparehome = 0;
@@ -2288,6 +2289,11 @@
snprintf(err, errlen, "%s is not a regular file", buf);
return -1;
}
+ // the file is trusted when it is located in guix store
+ if (strncmp(buf, guix_store, strlen(guix_store)) == 0) {
+ return 0;
+ }
+
if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
(stp->st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
diff --git a/readconf.c b/readconf.c
index 7cbe7d2c2..40a5f1ace 100644
--- a/readconf.c
+++ b/readconf.c
@@ -2602,6 +2602,7 @@
{
FILE *f;
char *line = NULL;
+ char errmsg[512];
size_t linesize = 0;
int linenum;
int bad_options = 0;
@@ -2617,9 +2618,9 @@
if (fstat(fileno(f), &sb) == -1)
fatal("fstat %s: %s", filename, strerror(errno));
- if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
- (sb.st_mode & 022) != 0))
- fatal("Bad owner or permissions on %s", filename);
+ if (safe_path(filename, &sb, pw->pw_dir, pw->pw_uid, errmsg, sizeof(errmsg)) != 0) {
+ fatal(errmsg);
+ }
}
debug("Reading configuration data %.200s", filename);
--
2.49.0