summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2021-02-09 09:55:27 +0100
committerLudovic Courtès <ludo@gnu.org>2021-02-09 10:06:02 +0100
commitaa8de806252e3835d57fab351b02d13db762deac (patch)
treee22662b535a444e9242f4960bb67491cffbc8877
parent91911b938208fff582e193f7a2b05584de9f2159 (diff)
activation: Do not make setuid programs setgid-root [security].
Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>. * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid.
-rw-r--r--gnu/build/activation.scm4
1 files changed, 2 insertions, 2 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 4b67926e88..b458aee4ae 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
@@ -234,7 +234,7 @@ they already exist."
"/" (basename prog))))
(copy-file prog target)
(chown target 0 0)
- (chmod target #o6555)))
+ (chmod target #o4555)))
(format #t "setting up setuid programs in '~a'...~%"
%setuid-directory)