* Nasty: Glibc clears the TMPDIR environment variable in setuid
programs, so if a builder uses TMPDIR, then it will fail when executed through nix-setuid-helper. In fact Glibc clears a whole bunch of variables (see sysdeps/generic/unsecvars.h in the Glibc sources), but only TMPDIR should matter in practice. As a workaround, we reinitialise TMPDIR from NIX_BUILD_TOP.
parent
fac63d6416
commit
84a84afb0e
1 changed files with 8 additions and 1 deletions
|
@ -128,8 +128,15 @@ static void runBuilder(uid_t uidNix, gid_t gidBuildUsers,
|
||||||
for (int i = 0; i < argc; ++i)
|
for (int i = 0; i < argc; ++i)
|
||||||
args.push_back(argv[i]);
|
args.push_back(argv[i]);
|
||||||
args.push_back(0);
|
args.push_back(0);
|
||||||
|
|
||||||
|
environ = env;
|
||||||
|
|
||||||
|
/* Glibc clears TMPDIR in setuid programs (see
|
||||||
|
sysdeps/generic/unsecvars.h in the Glibc sources), so bring it
|
||||||
|
back. */
|
||||||
|
setenv("TMPDIR", getenv("NIX_BUILD_TOP"), 1);
|
||||||
|
|
||||||
if (execve(program.c_str(), (char * *) &args[0], env) == -1)
|
if (execv(program.c_str(), (char * *) &args[0]) == -1)
|
||||||
throw SysError(format("cannot execute `%1%'") % program);
|
throw SysError(format("cannot execute `%1%'") % program);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
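Review bot: The added `setenv("TMPDIR", getenv("NIX_BUILD_TOP"), 1);` passes getenv's result straight through, and getenv returns NULL when NIX_BUILD_TOP is absent from the environment just installed by `environ = env`; a NULL value argument to setenv is undefined behaviour and typically crashes in glibc. Because this runs in the setuid helper immediately before the exec, I would look the variable up first and check both calls: `const char * top = getenv("NIX_BUILD_TOP");` followed by `if (top && setenv("TMPDIR", top, 1) == -1) throw SysError("setting TMPDIR");`. The existing comment could also say why the call changed to `execv`: setenv may reallocate `environ`, so the original `env` array would no longer carry the restored TMPDIR. runBuilder begins outside this hunk, so whether `env` is validated earlier cannot be seen from here.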