5526a282b5
It turns out that in multi-user Nix, a builder may be able to do ln /etc/shadow $out/foo Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: echo 1 > /proc/sys/fs/protected_hardlinks The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway. |
||
---|---|---|
.. | ||
boost | ||
bsdiff-4.3 | ||
libexpr | ||
libmain | ||
libstore | ||
libutil | ||
nix-daemon | ||
nix-env | ||
nix-hash | ||
nix-instantiate | ||
nix-log2xml | ||
nix-setuid-helper | ||
nix-store | ||
Makefile.am |