From f2a03acf3f42140f40fa5141b2b6ea94a554df64 Mon Sep 17 00:00:00 2001 From: Albert Safin Date: Fri, 17 Jan 2020 06:44:00 +0000 Subject: [PATCH] nix-shell: clean up the tmpDir and escape variables The problem fixed: each nix-shell invocation creates a new temporary directory (`/tmp/nix-shell-*`) and never cleans up. And while I'm here, shellescape all variables inlined into the rcfile. See what might happen without escaping: $ export TZ="';echo pwned'" $ nix-shell -p hello --run hello pwned Hello, world! --- src/nix-build/nix-build.cc | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/nix-build/nix-build.cc b/src/nix-build/nix-build.cc index 205165a4c..d9bec431e 100755 --- a/src/nix-build/nix-build.cc +++ b/src/nix-build/nix-build.cc @@ -423,13 +423,18 @@ static void _main(int argc, char * * argv) lose the current $PATH directories. */ auto rcfile = (Path) tmpDir + "/rc"; writeFile(rcfile, fmt( - (keepTmp ? "" : "rm -rf '%1%'; "s) + + R"(_nix_shell_clean_tmpdir() { rm -rf %1%; }; )"s + + (keepTmp ? + "trap _nix_shell_clean_tmpdir EXIT; " + "exitHooks+=(_nix_shell_clean_tmpdir); " + "failureHooks+=(_nix_shell_clean_tmpdir); ": + "_nix_shell_clean_tmpdir; ") + (pure ? "" : "[ -n \"$PS1\" ] && [ -e ~/.bashrc ] && source ~/.bashrc;") + "%2%" "dontAddDisableDepTrack=1; " "[ -e $stdenv/setup ] && source $stdenv/setup; " "%3%" - "PATH=\"%4%:$PATH\"; " + "PATH=%4%:\"$PATH\"; " "SHELL=%5%; " "set +e; " R"s([ -n "$PS1" ] && PS1='\n\[\033[1;32m\][nix-shell:\w]\$\[\033[0m\] '; )s" @@ -438,12 +443,12 @@ static void _main(int argc, char * * argv) "shopt -u nullglob; " "unset TZ; %6%" "%7%", - (Path) tmpDir, + shellEscape(tmpDir), (pure ? "" : "p=$PATH; "), (pure ? "" : "PATH=$PATH:$p; unset p; "), - dirOf(*shell), - *shell, - (getenv("TZ") ? (string("export TZ='") + getenv("TZ") + "'; ") : ""), + shellEscape(dirOf(*shell)), + shellEscape(*shell), + (getenv("TZ") ? (string("export TZ=") + shellEscape(getenv("TZ")) + "; ") : ""), envCommand)); Strings envStrs;