From f6bc3d61cf0a195d28256e85901eb96db315739c Mon Sep 17 00:00:00 2001
From: Michael Raskin <7c6f434c@mail.ru>
Date: Wed, 20 Oct 2010 09:29:02 +0000
Subject: [PATCH] To prevent glibc bug exploitation, make setuid-wrappers
 unreadable to non-root users

svn path=/nixos/trunk/; revision=24378
---
 modules/security/setuid-wrappers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix
index a7238b9add5..027032a7c27 100644
--- a/modules/security/setuid-wrappers.nix
+++ b/modules/security/setuid-wrappers.nix
@@ -92,7 +92,7 @@ in
           , group ? "nogroup"
           , setuid ? false
           , setgid ? false
-          , permissions ? "u+rx,g+rx,o+rx"
+          , permissions ? "u+rx,g+x,o+x"
           }:
 
           ''