From 100961e370db16979267b56acf73dd4523be9cd2 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 13 Jan 2015 11:16:32 +0100 Subject: [PATCH] Don't resolve symlinks while checking __impureHostDeps Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix. --- src/libstore/build.cc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 2bd0d2030..280fd6f6e 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1784,10 +1784,13 @@ void DerivationGoal::startBuilder() for (auto & i : impurePaths) { bool found = false; - Path canonI = canonPath(i, true); + /* Note: we're not resolving symlinks here to prevent + giving a non-root user info about inaccessible + files. */ + Path canonI = canonPath(i); /* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */ for (auto & a : allowedPaths) { - Path canonA = canonPath(a, true); + Path canonA = canonPath(a); if (canonI == canonA || isInDir(canonI, canonA)) { found = true; break;