GNU bug report logs - #28751
GuixSD setuid-programs handling creates setuid binaries in the store

Previous Next

Package: guix;

Reported by: ludo <at> gnu.org (Ludovic Courtès)

Date: Sun, 8 Oct 2017 19:26:01 UTC

Severity: important

Tags: security

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: bug-guix <at> gnu.org
Subject: GuixSD setuid-programs handling creates setuid binaries in the store
Date: Sun, 08 Oct 2017 21:25:15 +0200

On GuixSD, ‘activate-setuid-programs’ in (gnu build activation) would
create setuid-root binaries under /gnu/store for all the programs listed
under ‘setuid-programs’ in the ‘operating-system’ declaration.

‘activate-setuid-programs’ in (gnu build activation) does this:

  (define (make-setuid-program prog)
    (let ((target (string-append %setuid-directory
                                 "/" (basename prog))))
      (link-or-copy prog target)
      (chown target 0 0)
      (chmod target #o6555)))

which amounts to:

  1. ln /gnu/store/…/bin/su /run/setuid-programs/su
  2. chmod +s /run/setuid-programs/su

meaning that *both* ‘su’ files become setuid root.

This leads to setuid-root files in the store, which is a violation of a
fundamental assumption that setuid files cannot exist in the store.

Detailed announcement and fix coming.

Ludo’.
This bug report was last modified 7 years and 146 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.