* Nasty: Glibc clears the TMPDIR environment variable in setuid

programs, so if a builder uses TMPDIR, then it will fail when
  executed through nix-setuid-helper.  In fact Glibc clears a whole
  bunch of variables (see sysdeps/generic/unsecvars.h in the Glibc
  sources), but only TMPDIR should matter in practice.  As a
  workaround, we reinitialise TMPDIR from NIX_BUILD_TOP.
This commit is contained in:
Eelco Dolstra 2007-01-24 13:31:20 +00:00
parent fac63d6416
commit 84a84afb0e

View file

@ -128,8 +128,15 @@ static void runBuilder(uid_t uidNix, gid_t gidBuildUsers,
for (int i = 0; i < argc; ++i)
args.push_back(argv[i]);
args.push_back(0);
environ = env;
/* Glibc clears TMPDIR in setuid programs (see
sysdeps/generic/unsecvars.h in the Glibc sources), so bring it
back. */
setenv("TMPDIR", getenv("NIX_BUILD_TOP"), 1);
if (execve(program.c_str(), (char * *) &args[0], env) == -1)
if (execv(program.c_str(), (char * *) &args[0]) == -1)
throw SysError(format("cannot execute `%1%'") % program);
}