authorJoey Hess2014-11-21 16:01:51 -0400
committerJoey Hess2014-11-21 16:01:51 -0400
commitf6afeb889f4b11418daac7825c1adb1df4ff145c (patch)
treecd45365a8cc3dcee9a3df7b64f29b7b00305ecd7
parentc4accb72e20bc0906c1089c60574b844234d6401 (diff)
lock down chroot perm
-rw-r--r--src/Propellor/Property/Debootstrap.hs6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs
index 747662c5..0611e735 100644
--- a/src/Propellor/Property/Debootstrap.hs
+++ b/src/Propellor/Property/Debootstrap.hs
@@ -16,6 +16,7 @@ import Data.List
import Data.Char
import Control.Exception
import System.Posix.Directory
+import System.Posix.Files
type Url = String
@@ -63,6 +64,11 @@ built target system@(System _ arch) config =
setupprop = property ("debootstrapped " ++ target) $ liftIO $ do
createDirectoryIfMissing True target
+ -- Don't allow non-root users to see inside the chroot,
+ -- since doing so can allow them to do various attacks
+ -- including hard link farming suid programs for later
+ -- exploitation.
+ modifyFileMode target (removeModes [otherReadMode, otherExecuteMode, otherWriteMode])
suite <- case extractSuite system of
Nothing -> errorMessage $ "don't know how to debootstrap " ++ show system
Just s -> pure s
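Review bot: The added comment promises that non-root users cannot see inside the chroot, but the `modifyFileMode` call only strips the `other` bits, so anyone in the directory's group keeps read and traverse access; the guarantee therefore rests on `target` being group-owned by a group with no untrusted members, which holds when `createDirectoryIfMissing` just created it as root but not necessarily when the directory pre-existed. If the intent is exactly what the comment states, removing the group bits too makes the property self-contained: `modifyFileMode target (removeModes [groupReadMode, groupWriteMode, groupExecuteMode, otherReadMode, otherExecuteMode, otherWriteMode])`; otherwise the comment should say it relies on the group ownership of the chroot directory. There is also a short window between creation with the umask-derived mode and the tightening, which is harmless here only because the directory is still empty when it is created, and that reasoning is worth a sentence in the comment. The enclosing `built`/`setupprop` definition starts and ends outside the hunk.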