From f6afeb889f4b11418daac7825c1adb1df4ff145c Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Fri, 21 Nov 2014 16:01:51 -0400
Subject: lock down chroot perm

---
src/Propellor/Property/Debootstrap.hs | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'src/Propellor')

diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs
index 747662c5..0611e735 100644
--- a/src/Propellor/Property/Debootstrap.hs
+++ b/src/Propellor/Property/Debootstrap.hs
@@ -16,6 +16,7 @@ import Data.List
 import Data.Char
 import Control.Exception
 import System.Posix.Directory
+import System.Posix.Files
 type Url = String
@@ -63,6 +64,11 @@ built target system@(System _ arch) config =
 setupprop = property ("debootstrapped " ++ target) $ liftIO $ do
 createDirectoryIfMissing True target
+-- Don't allow non-root users to see inside the chroot,
+-- since doing so can allow them to do various attacks
+-- including hard link farming suid programs for later
+-- exploitation.
+modifyFileMode target (removeModes [otherReadMode, otherExecuteMode, otherWriteMode])
 suite <- case extractSuite system of
 Nothing -> errorMessage $ "don't know how to debootstrap " ++ show system
 Just s -> pure s
--
cgit v1.2.3
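Review bot: The new modifyFileMode call in the second hunk only strips the "other" bits, so a target directory that already exists with group read/execute permission (or is created under a umask that grants them) still lets members of that group traverse the chroot, which is the exposure the comment is trying to close. Unless a non-root group is meant to share the chroot, consider clearing the group bits in the same call: `modifyFileMode target (removeModes [otherReadMode, otherExecuteMode, otherWriteMode, groupReadMode, groupWriteMode, groupExecuteMode])`. There is also a short window between createDirectoryIfMissing and the mode change during which the directory carries its umask-derived permissions; that is likely acceptable here since the directory is empty at that point, but it is worth a one-line comment stating that assumption. The setupprop do-block continues past the end of the hunk.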