eisfunke/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Set /nix/store permission to 1737

Browse source 
I.e., not readable to the nixbld group. This improves purity a bit for
non-chroot builds, because it prevents a builder from enumerating
store paths (i.e. it can only access paths it knows about).
This commit is contained in:
Eelco Dolstra 2015-01-08 16:39:07 +01:00
parent 128538ef06
commit 27b7b94923
2 changed files with 6 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/libstore/build.cc
View file

@ -1736,21 +1736,6 @@ void DerivationGoal::startBuilder()
/* Change ownership of the temporary build directory. */ /* Change ownership of the temporary build directory. */
if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == -1) if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == -1)
throw SysError(format("cannot change ownership of %1%") % tmpDir); throw SysError(format("cannot change ownership of %1%") % tmpDir);
/* Check that the Nix store has the appropriate permissions,
i.e., owned by root and mode 1775 (sticky bit on so that
the builder can create its output but not mess with the
outputs of other processes). */
struct stat st;
if (stat(settings.nixStore.c_str(), &st) == -1)
throw SysError(format("cannot stat %1%") % settings.nixStore);
if (!(st.st_mode & S_ISVTX) ||
((st.st_mode & S_IRWXG) != S_IRWXG) ||
(st.st_gid != buildUser.getGID()))
throw Error(format(
"builder does not have write permission to %2%; "
"try chgrp %1% %2%; chmod 1775 %2%")
% buildUser.getGID() % settings.nixStore);
} }

10
src/libstore/local-store.cc
View file

@ -251,10 +251,12 @@ LocalStore::LocalStore(bool reserveSpace)
multi-user install. */ multi-user install. */
if (getuid() == 0 && settings.buildUsersGroup != "") { if (getuid() == 0 && settings.buildUsersGroup != "") {
mode_t perm = 01737;
Path perUserDir = profilesDir + "/per-user"; Path perUserDir = profilesDir + "/per-user";
createDirs(perUserDir); createDirs(perUserDir);
if (chmod(perUserDir.c_str(), 01777) == -1) if (chmod(perUserDir.c_str(), perm) == -1)
throw SysError(format("could not set permissions on %1% to 1777") % perUserDir); throw SysError(format("could not set permissions on %1% to 1737") % perUserDir);
struct group * gr = getgrnam(settings.buildUsersGroup.c_str()); struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
if (!gr) if (!gr)
@ -265,10 +267,10 @@ LocalStore::LocalStore(bool reserveSpace)
if (stat(settings.nixStore.c_str(), &st)) if (stat(settings.nixStore.c_str(), &st))
throw SysError(format("getting attributes of path %1%") % settings.nixStore); throw SysError(format("getting attributes of path %1%") % settings.nixStore);
if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != 01775) { if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != perm) {
if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1) if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
throw SysError(format("changing ownership of path %1%") % settings.nixStore); throw SysError(format("changing ownership of path %1%") % settings.nixStore);
if (chmod(settings.nixStore.c_str(), 01775) == -1) if (chmod(settings.nixStore.c_str(), perm) == -1)
throw SysError(format("changing permissions on path %1%") % settings.nixStore); throw SysError(format("changing permissions on path %1%") % settings.nixStore);
} }
} }