activation: Do not make setuid programs setgid-root [security].

Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.

* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.
Ludovic Courtès 2021-02-09 09:55:27 +01:00
parent 91911b9382
commit aa8de80625
GPG Key ID: 090B11993D9AEBB5

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
@ -234,7 +234,7 @@ they already exist."
"/" (basename prog))))
(copy-file prog target)
(chown target 0 0)
(chmod target #o6555)))
(chmod target #o4555)))
(format #t "setting up setuid programs in '~a'...~%"
%setuid-directory)
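
Review bot: The new mode in `(chmod target #o4555)` is a bare octal literal with no comment saying the setgid bit is left out on purpose, so a later edit could restore `#o6555` without noticing the security reason. The preceding `(chown target 0 0)` still makes root the group owner, so this one digit is all that keeps the copied program from running with gid 0. Suggest a short comment above the `chmod` line stating that the target is setuid-root but intentionally not setgid, with a pointer to the bug cited in the commit message.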