* Also kill all processes of the build user after the build. This is

critical to prevent certain kinds of 0wnage.
This commit is contained in:
Eelco Dolstra 2005-10-17 17:43:21 +00:00
parent f1b3a418fa
commit 13b089c890

View file

@ -676,6 +676,14 @@ void DerivationGoal::buildDone()
/* So the child is gone now. */ /* So the child is gone now. */
worker.childTerminated(savedPid); worker.childTerminated(savedPid);
/* When running under a build user, make sure that all processes
running under that uid are gone. This is to prevent a
malicious user from leaving behind a process that keeps files
open and modifies them after they have been chown'ed to
root. */
if (buildUser != 0)
killUser(buildUser);
/* Close the read side of the logger pipe. */ /* Close the read side of the logger pipe. */
logPipe.readSide.close(); logPipe.readSide.close();