From f6bc3d61cf0a195d28256e85901eb96db315739c Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Wed, 20 Oct 2010 09:29:02 +0000 Subject: [PATCH] To prevent glibc bug exploitation, make setuid-wrappers unreadable to non-root users svn path=/nixos/trunk/; revision=24378 --- modules/security/setuid-wrappers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index a7238b9add5..027032a7c27 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -92,7 +92,7 @@ in , group ? "nogroup" , setuid ? false , setgid ? false - , permissions ? "u+rx,g+rx,o+rx" + , permissions ? "u+rx,g+x,o+x" }: ''