activation: Do not make setuid programs setgid-root [security].

Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.

* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.

1 files changed, 2 insertions, 2 deletions

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 4b67926e88..b458aee4ae 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -234,7 +234,7 @@ they already exist."
                                  "/" (basename prog))))
       (copy-file prog target)
       (chown target 0 0)
-      (chmod target #o6555)))
+      (chmod target #o4555)))
 
   (format #t "setting up setuid programs in '~a'...~%"
           %setuid-directory)