GNU bug report logs - #47584
Race condition in ‘copy-account-skeletons’: possible privilege escalation.

Previous Next

Package: guix;

Reported by: Maxime Devos <maximedevos <at> telenet.be>

Date: Sat, 3 Apr 2021 16:10:02 UTC

Severity: important

Tags: patch, security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #74 received at 47584-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: 47584-done <at> debbugs.gnu.org
Subject: Re: bug#47584: Race condition in ‘copy-account-skeletons’: possible privilege escalation.
Date: Fri, 06 Sep 2024 11:49:46 +0200

Hello,

Maxime Devos <maximedevos <at> telenet.be> skribis:

> I removed the 'Based upon mkdir-p from (guix build utils)'
> comment because it's quite a bit different now.
>
> * gnu/build/activation.scm (verify-not-symbolic): Delete.
> (mkdir-p/perms): Rewrite in terms of 'openat'.

Finally pushed as c1283e203995c8d84584e701b965efe086d1d666, now that
Guile 3.0.9 with the *at family of procedures is the default (and has
been for a while, actually).

Great work both in Guile upstream and in Guix here.

Ludo’.

This bug report was last modified 260 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47584 Race condition in ‘copy-account-skeletons’: possible privilege escalation.

GNU bug report logs - #47584
Race condition in ‘copy-account-skeletons’: possible privilege escalation.