TakeV/guix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
guix/tests
History
Ludovic Courtès 81c580c866
daemon: Make 'profiles/per-user' non-world-writable. 
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.

Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.

* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter.  Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
2019-10-16 22:53:40 +02:00
..
accounts.scm accounts: Delete duplicate entries. 2019-08-28 00:27:14 +02:00
base16.scm
base32.scm
base64.scm
bournish.scm
build-utils.scm utils: Add 'invoke/quiet'. 2019-06-17 16:13:36 +02:00
builders.scm tests: Remove expensive and pointless test. 2019-06-14 21:57:18 +02:00
cache.scm
challenge.scm
channels.scm channels: Allow news entries to refer to a tag. 2019-09-23 10:38:44 +02:00
combinators.scm
containers.scm tests: Skip container test when lacking kernel support. 2019-10-15 10:21:41 +02:00
cpan.scm Revert "import: cpan: Adapt for the change to guile-json version 3." 2019-08-22 14:24:11 -04:00
cpio.scm
cran.scm
crate.scm import: crate: Correct interpretation of dual-licensing strings. 2019-09-04 13:02:27 +02:00
cve-sample.xml
cve.scm
debug-link.scm
derivations.scm Merge branch 'master' into core-updates 2019-09-06 20:46:00 -04:00
discovery.scm
elpa.scm
file-systems.scm
gem.scm
gexp.scm gexp: Catch and report non-self-quoting gexp inputs. 2019-09-23 23:41:19 +02:00
git.scm git: Add 'commit-difference'. 2019-09-23 10:38:43 +02:00
glob.scm
gnu-maintenance.scm
grafts.scm Merge branch 'master' into core-updates 2019-06-27 23:33:48 +02:00
graph.scm
gremlin.scm
guix-archive.sh
guix-authenticate.sh
guix-build-branch.sh tests: Adjust '--with-commit' test. 2019-09-04 13:02:27 +02:00
guix-build.sh ui: 'warn-about-load-error' provides hints for unbound variables. 2019-07-20 01:32:17 +02:00
guix-daemon.sh daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
guix-describe.sh
guix-download.sh
guix-environment-container.sh environment: '--container' honors '--preserve'. 2019-10-03 23:48:59 +02:00
guix-environment.sh Merge branch 'master' into core-updates 2019-08-22 15:53:27 -04:00
guix-gc.sh
guix-graph.sh
guix-hash.sh
guix-lint.sh
guix-pack-localstatedir.sh
guix-pack-relocatable.sh pack: '-R' honors the requested output. 2019-08-23 18:41:49 +02:00
guix-pack.sh
guix-package-aliases.sh guix package: '--show' ignores deprecated packages. 2019-09-21 16:48:36 +02:00
guix-package-net.sh tests: Make builds less expensive. 2019-06-14 21:57:39 +02:00
guix-package.sh guix package: Add '--list-profiles'. 2019-09-26 11:43:26 +02:00
guix-system.sh
hackage.scm import: hackage: Add two expected failing test cases. 2019-06-20 14:07:01 +02:00
import-utils.scm maint: Switch to Guile-JSON 3.x. 2019-07-25 00:16:41 +02:00
inferior.scm inferior: Propagate '&store-protocol-error' error conditions. 2019-09-21 16:48:36 +02:00
lint.scm lint: Add 'archival' checker. 2019-09-02 15:25:01 +02:00
lzlib.scm lzlib: Add 'make-lzip-input-port/compressed'. 2019-05-27 22:47:24 +02:00
modules.scm
monads.scm
nar.scm
networking.scm services: openntpd: Add test for issue #3731. 2019-09-08 23:15:32 +09:00
opam.scm tests: opam: Fix input type in import test. 2019-09-07 22:25:14 +02:00
pack.scm pack: Create /tmp in Docker images. 2019-08-27 12:20:44 +02:00
packages.scm packages: 'supported-package?' binds '%current-system' for graph traversal. 2019-09-06 14:41:58 +02:00
pki.scm
print.scm import: print: Honor the outputs of inputs (!). 2019-06-07 22:49:47 +02:00
processes.scm
profiles.scm tests: Make builds less expensive. 2019-06-14 21:57:39 +02:00
publish.scm publish: '--compression' can be repeated. 2019-06-02 22:01:57 +02:00
pypi.scm import: pypi: Include optional test inputs as native-inputs. 2019-07-02 10:08:00 +09:00
records.scm
scripts-build.scm
scripts.scm
search-paths.scm build: Remove 'gnu/packages/bootstrap' and its binaries. 2019-06-14 22:09:38 +02:00
services.scm guix system: Add 'reconfigure' module. 2019-07-26 19:19:49 +02:00
sets.scm
signing-key.pub
signing-key.sec
size.scm
snix.scm
status.scm
store-database.scm
store-deduplication.scm
store-roots.scm
store.scm daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
substitute.scm substitute: Select the best compression methods. 2019-06-02 22:01:57 +02:00
swh.scm swh: Add hooks for rate limiting handling. 2019-09-02 15:25:01 +02:00
syscalls.scm syscalls: Add 'add-to-entropy-count'. 2019-10-05 22:05:02 +02:00
system.scm
test.drv
texlive.scm
ui.scm ui: 'relevance' connects regexps with a logical and. 2019-09-19 23:24:04 +02:00
union.scm tests: Make builds less expensive. 2019-06-14 21:57:39 +02:00
upstream.scm
utils.scm utils: canonical-newline-port: Fix handling of carriage return at buffer end. 2019-06-20 14:07:01 +02:00
uuid.scm
workers.scm
zlib.scm