From 0d85bbd42ddcd442864a9ba4719aca8b70d68048 Mon Sep 17 00:00:00 2001 From: Alexey Abramov Date: Fri, 22 Apr 2022 11:32:15 +0200 Subject: [PATCH] Trust guix store directory To be able to execute binaries defined in OpenSSH configuration, we need to tell OpenSSH that we can trust Guix store objects. safe_path procedure is patched to assume files in Guix store to be safe. Additionally configuration file placed in Guix store is assumed to be safe to load. --- misc.c | 6 ++++++ readconf.c | 7 ++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/misc.c b/misc.c index dd0bd032a..6b866464c 100644 --- a/misc.c +++ b/misc.c @@ -2254,6 +2254,7 @@ int safe_path(const char *name, struct stat *stp, const char *pw_dir, uid_t uid, char *err, size_t errlen) { + static const char guix_store[] = @STORE_DIRECTORY@; char buf[PATH_MAX], homedir[PATH_MAX]; char *cp; int comparehome = 0; @@ -2271,6 +2272,11 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, snprintf(err, errlen, "%s is not a regular file", buf); return -1; } + // the file is trusted when it is located in guix store + if (strncmp(buf, guix_store, strlen(guix_store)) == 0) { + return 0; + } + if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || (stp->st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for file %s", diff --git a/readconf.c b/readconf.c index 7cbe7d2c2..40a5f1ace 100644 --- a/readconf.c +++ b/readconf.c @@ -2566,6 +2566,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, { FILE *f; char *line = NULL; + char errmsg[512]; size_t linesize = 0; int linenum; int bad_options = 0; @@ -2581,9 +2582,9 @@ read_config_file_depth(const char *filename, struct passwd *pw, if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno)); - if (((sb.st_uid != 0 && sb.st_uid != getuid()) || - (sb.st_mode & 022) != 0)) - fatal("Bad owner or permissions on %s", filename); + if (safe_path(filename, &sb, pw->pw_dir, pw->pw_uid, errmsg, sizeof(errmsg)) != 0) { + fatal(errmsg); + } } debug("Reading configuration data %.200s", filename); -- 2.49.0