From 84a84afb0ec60551c606fa95699afb6153465704 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 24 Jan 2007 13:31:20 +0000 Subject: [PATCH] * Nasty: Glibc clears the TMPDIR environment variable in setuid programs, so if a builder uses TMPDIR, then it will fail when executed through nix-setuid-helper. In fact Glibc clears a whole bunch of variables (see sysdeps/generic/unsecvars.h in the Glibc sources), but only TMPDIR should matter in practice. As a workaround, we reinitialise TMPDIR from NIX_BUILD_TOP. --- src/nix-setuid-helper/nix-setuid-helper.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/nix-setuid-helper/nix-setuid-helper.cc b/src/nix-setuid-helper/nix-setuid-helper.cc index 168cff40a..ffb2abc1f 100644 --- a/src/nix-setuid-helper/nix-setuid-helper.cc +++ b/src/nix-setuid-helper/nix-setuid-helper.cc @@ -128,8 +128,15 @@ static void runBuilder(uid_t uidNix, gid_t gidBuildUsers, for (int i = 0; i < argc; ++i) args.push_back(argv[i]); args.push_back(0); + + environ = env; + + /* Glibc clears TMPDIR in setuid programs (see + sysdeps/generic/unsecvars.h in the Glibc sources), so bring it + back. */ + setenv("TMPDIR", getenv("NIX_BUILD_TOP"), 1); - if (execve(program.c_str(), (char * *) &args[0], env) == -1) + if (execv(program.c_str(), (char * *) &args[0]) == -1) throw SysError(format("cannot execute `%1%'") % program); }