GNU bug report logs - #48872
Guix services: ‘chmod’ leaves opportunity to leak secrets


Package: guix;

Reported by: Xinglu Chen <public <at> yoctocell.xyz>

Date: Sun, 6 Jun 2021 12:52:01 UTC

Severity: normal




From: Xinglu Chen <public <at> yoctocell.xyz>
To: 48872 <at> debbugs.gnu.org
Subject: bug#48872: Guix services: ‘chmod’ leaves opportunity to leak secrets
Date: Sun, 06 Jun 2021 14:51:36 +0200
[  This was reported on the Nixpkgs bug tracker a few weeks ago
   <https://github.com/NixOS/nixpkgs/issues/121293>  ]

When doing something like

  (call-with-output-file FILE
    (lambda (port)
      (display SECRET port)))
  (chmod FILE #o400)

an unprivileged user could open FILE before FILE had been chmod’ed, and
then read the contents of FILE.

One solution to this problem would be to use

  (mkdir (dirname FILE) #o400)

before writing SECRET to FILE.

I have identified at least two services which are vulnerable to this:

* ‘wireguard-service-type’ in (gnu services vpn)
* ‘patchwork-service-type’ in (gnu services web)


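The window the report describes exists because the file is created with the process umask and only tightened afterwards. The Guile example below is an added illustration, not code from Guix or from the reporter: it closes the window by handing the final mode to open(2) in the same call that creates the file, with O_EXCL so that a pre-existing file or a symlink planted at that path makes the call fail instead of being opened, and it writes to a temporary sibling and renames so that a regenerated secret is swapped in atomically. The procedure names and the `.tmp` suffix are assumptions chosen for the example.

```scheme
;; Added example for bug#48872; not Guix's own code.  Requires only Guile's
;; built-in POSIX bindings: open, close-port, umask, rename-file, delete-file.

(define (call-with-secret-output-file file proc)
  "Create FILE with mode 0400 and call PROC with an output port to it.
The mode is applied by open(2) at creation time, so there is no moment at
which FILE exists with a broader mode.  O_EXCL makes the call fail if FILE
already exists or is a symlink, instead of following it."
  (let ((port (open file (logior O_WRONLY O_CREAT O_EXCL) #o400)))
    (dynamic-wind
      (lambda () #t)
      (lambda () (proc port))
      (lambda () (close-port port)))))

(define (write-secret-file file secret)
  "Write SECRET to FILE so that no other user can ever read it.
The content goes to a temporary sibling first, then is renamed over FILE:
an existing FILE is replaced atomically and readers never see a partially
written one."
  (let ((tmp (string-append file ".tmp")))   ; hypothetical naming scheme
    ;; A stale temporary from a crashed earlier run would make O_EXCL fail.
    (when (file-exists? tmp)
      (delete-file tmp))
    (call-with-secret-output-file tmp
      (lambda (port)
        (display secret port)))
    (rename-file tmp file)))

;; Usage (constructed input).  The containing directory must itself not be
;; writable by untrusted users, otherwise they can replace the directory
;; entry after the rename regardless of the file's mode.
;; (write-secret-file "/etc/wireguard/private.key" "<key material>")
```

The mode passed to open(2) is still ANDed with the umask, but 0400 contains nothing a normal umask removes; a service that wants to be explicit can wrap the call in `(umask #o077)` and restore the previous value afterwards. Note that this example does not protect against a directory that was itself created world-readable: the permissions of the parent directory need the same care as the file.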

This bug report was last modified 4 years and 7 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.