Maxime Devos 520bac7ed0 services: Prevent following symlinks during activation. ... This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>		2021-03-10 18:01:47 +01:00
..
accounts.scm
activation.scm	services: Prevent following symlinks during activation.	2021-03-10 18:01:47 +01:00
bootloader.scm
chromium-extension.scm
cross-toolchain.scm
file-systems.scm	file-systems: 'mount-file-system' preserves source flags for bind mounts.	2021-02-25 11:29:35 +01:00
hurd-boot.scm
image.scm	database: Remove #:deduplicate? from 'register-items'.	2020-12-15 17:32:11 +01:00
install.scm	store-copy: 'populate-store' can optionally deduplicate files.	2020-12-15 17:32:10 +01:00
linux-boot.scm	linux-boot: Fix noresume argument parsing.	2020-12-17 23:01:23 +01:00
linux-container.scm
linux-initrd.scm	store-copy: 'populate-store' can optionally deduplicate files.	2020-12-15 17:32:10 +01:00
linux-modules.scm
locale.scm
marionette.scm
secret-service.scm
shepherd.scm
svg.scm
vm.scm	database: Remove #:deduplicate? from 'register-items'.	2020-12-15 17:32:11 +01:00