Set /nix/store permission to 1737

I.e., not readable to the nixbld group. This improves purity a bit for
non-chroot builds, because it prevents a builder from enumerating
store paths (i.e. it can only access paths it knows about).
Eelco Dolstra 2015-01-08 16:39:07 +01:00
parent 128538ef06
commit 27b7b94923
2 changed files with 6 additions and 19 deletions


@ -1736,21 +1736,6 @@ void DerivationGoal::startBuilder()
/* Change ownership of the temporary build directory. */
if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == -1)
throw SysError(format("cannot change ownership of %1%") % tmpDir);
/* Check that the Nix store has the appropriate permissions,
i.e., owned by root and mode 1775 (sticky bit on so that
the builder can create its output but not mess with the
outputs of other processes). */
struct stat st;
if (stat(settings.nixStore.c_str(), &st) == -1)
throw SysError(format("cannot stat %1%") % settings.nixStore);
if (!(st.st_mode & S_ISVTX) ||
((st.st_mode & S_IRWXG) != S_IRWXG) ||
(st.st_gid != buildUser.getGID()))
throw Error(format(
"builder does not have write permission to %2%; "
"try chgrp %1% %2%; chmod 1775 %2%")
% buildUser.getGID() % settings.nixStore);
}


@ -251,10 +251,12 @@ LocalStore::LocalStore(bool reserveSpace)
multi-user install. */
if (getuid() == 0 && settings.buildUsersGroup != "") {
mode_t perm = 01737;
Path perUserDir = profilesDir + "/per-user";
createDirs(perUserDir);
if (chmod(perUserDir.c_str(), 01777) == -1)
throw SysError(format("could not set permissions on %1% to 1777") % perUserDir);
if (chmod(perUserDir.c_str(), perm) == -1)
throw SysError(format("could not set permissions on %1% to 1737") % perUserDir);
struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
if (!gr)
@ -265,10 +267,10 @@ LocalStore::LocalStore(bool reserveSpace)
if (stat(settings.nixStore.c_str(), &st))
throw SysError(format("getting attributes of path %1%") % settings.nixStore);
if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != 01775) {
if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != perm) {
if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
throw SysError(format("changing ownership of path %1%") % settings.nixStore);
if (chmod(settings.nixStore.c_str(), 01775) == -1)
if (chmod(settings.nixStore.c_str(), perm) == -1)
throw SysError(format("changing permissions on path %1%") % settings.nixStore);
}
}
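Review bot: `mode_t perm = 01737;` changes the store directory's "other" bits from r-x (in the 01775 it replaces) to rwx, so every local user, not only the build group, can create entries directly under the store directory, with only the sticky bit limiting what they can remove; if the intent is just to take read away from the nixbld group, `mode_t perm = 01735;` keeps the others triad as it was. The same `perm` is now also applied to `profilesDir + "/per-user"` (previously 01777), which the commit description, mentioning only /nix/store, does not cover. The error message on that chmod still hardcodes `1737` while the mode lives in `perm`, so the text will drift if the constant changes; either format the mode into the message or document the constant, e.g. `/* sticky; owner rwx; build group wx (no read, so builders cannot enumerate the store); others as before */`. LocalStore::LocalStore starts before the first hunk, and the second hunk (from line 265) reuses `perm` for the stat/chown/chmod of the store directory.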