lix/src
Eelco Dolstra 5526a282b5 Security: Don't allow builders to change permissions on files they don't own
It turns out that in multi-user Nix, a builder may be able to do

  ln /etc/shadow $out/foo

Afterwards, canonicalisePathMetaData() will be applied to $out/foo,
causing /etc/shadow's mode to be set to 444 (readable by everybody but
writable by nobody).  That's obviously Very Bad.

Fortunately, this fails in NixOS's default configuration because
/nix/store is a bind mount, so "ln" will fail with "Invalid
cross-device link".  It also fails if hard-link restrictions are
enabled, so a workaround is:

  echo 1 > /proc/sys/fs/protected_hardlinks

The solution is to check that all files in $out are owned by the build
user.  This means that innocuous operations like "ln
${pkgs.foo}/some-file $out/" are now rejected, but that already failed
in chroot builds anyway.
2013-02-26 02:30:19 +01:00
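
The ownership check the commit message describes, as an added C++ sketch; it is not the code from this commit or from the Nix/Lix tree. The helper name `canonicaliseOwned`, the `buildUid` parameter and the small `main` are assumptions made for illustration.

```cpp
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical helper, not the Nix function: strip write bits under `path`,
// but return false without touching any entry that is not owned by `buildUid`.
// A hard link to someone else's file shares that file's inode, so lstat()
// reports the real owner's st_uid and the chmod() below is never reached.
// Assumes the builder's processes have exited, so the tree cannot change
// between lstat() and chmod().
bool canonicaliseOwned(const std::string & path, uid_t buildUid)
{
    struct stat st;
    if (lstat(path.c_str(), &st) == -1) return false;
    if (st.st_uid != buildUid) {
        fprintf(stderr, "invalid ownership on '%s'\n", path.c_str());
        return false;
    }
    if (S_ISDIR(st.st_mode)) {
        DIR * dir = opendir(path.c_str());
        if (!dir) return false;
        bool ok = true;
        while (struct dirent * e = readdir(dir)) {
            std::string name = e->d_name;
            if (name == "." || name == "..") continue;
            if (!canonicaliseOwned(path + "/" + name, buildUid)) { ok = false; break; }
        }
        closedir(dir);
        if (!ok) return false;
    }
    if (S_ISLNK(st.st_mode)) return true;   // symlink modes are not changed
    // Read-only for everyone; keep execute only where the owner had it.
    mode_t mode = (st.st_mode & S_IXUSR) ? 0555 : 0444;
    return chmod(path.c_str(), mode) == 0;
}

int main(int argc, char ** argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <output-path>\n", argv[0]); return EXIT_FAILURE; }
    // Constructed use: treat the calling user as the build user.
    return canonicaliseOwned(argv[1], geteuid()) ? EXIT_SUCCESS : EXIT_FAILURE;
}
```
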
..
boost
bsdiff-4.3 Drop the externals directory 2012-03-18 23:54:57 +01:00
libexpr Make "${./path} ..." evaluate to a string, not a path 2013-02-08 20:04:04 +01:00
libmain build-remote: Use the --quiet flag 2013-02-19 16:56:31 +01:00
libstore Security: Don't allow builders to change permissions on files they don't own 2013-02-26 02:30:19 +01:00
libutil Remove tabs 2013-01-03 13:00:46 +01:00
nix-daemon Add `Settings::nixDaemonSocketFile'. 2013-02-19 10:19:18 +01:00
nix-env Allow setting the profile location using $NIX_PROFILE 2012-12-12 16:01:46 +01:00
nix-hash When ‘--help’ is given, just run ‘man’ to show the manual page 2012-10-03 16:40:09 -04:00
nix-instantiate nix-instantiate: Fix read-only evaluation 2012-11-26 17:41:10 +01:00
nix-log2xml
nix-setuid-helper Templatise tokenizeString() 2012-09-19 15:43:23 -04:00
nix-store Security: Don't allow builders to change permissions on files they don't own 2013-02-26 02:30:19 +01:00
Makefile.am Rename nix-worker to nix-daemon 2012-10-03 17:59:23 -04:00