Don't resolve symlinks while checking __impureHostDeps
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
This commit is contained in:
parent
f1151a3373
commit
100961e370
@ -1784,10 +1784,13 @@ void DerivationGoal::startBuilder()
for (auto & i : impurePaths) {
bool found = false;
Path canonI = canonPath(i, true);
/* Note: we're not resolving symlinks here to prevent
giving a non-root user info about inaccessible
files. */
Path canonI = canonPath(i);
/* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */
for (auto & a : allowedPaths) {
Path canonA = canonPath(a, true);
Path canonA = canonPath(a);
if (canonI == canonA || isInDir(canonI, canonA)) {
found = true;
break;
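Review bot: With symlink resolution dropped, the allow-list test on the `if (canonI == canonA || isInDir(canonI, canonA))` line is purely lexical, so its safety now rests entirely on `canonPath(i)` without the second argument still collapsing `.`, `..` and repeated slashes before the comparison; that is presumably what the one-argument form does, but if it did not, an impure path containing `..` could satisfy the prefix check and only be resolved later. A comment on the new `Path canonI = canonPath(i);` line stating that invariant, e.g. `/* Lexical normalisation only (., .., //); no filesystem access until the allow-list check has passed. */`, would make the dependency explicit, and a small test feeding `..` and `//` forms through this check would pin it. Because `canonPath(a)` for the allowed prefixes also no longer resolves symlinks, an allowed prefix that is configured as a symlink no longer matches an impure path written via the link target; that looks intended, but is a behaviour change worth a line in the commit message or option documentation. The enclosing `startBuilder` body begins and ends outside this hunk.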