14/27: Set /nix/store permission to 1737
From: |
Ludovic Courtès |
Subject: |
14/27: Set /nix/store permission to 1737 |
Date: |
Wed, 03 Jun 2015 22:00:40 +0000 |
civodul pushed a commit to branch nix
in repository guix.
commit 35605c4407a677752ed51a0f829cc0f42047b115
Author: Eelco Dolstra <address@hidden>
Date: Thu Jan 8 16:39:07 2015 +0100
Set /nix/store permission to 1737
I.e., not readable to the nixbld group. This improves purity a bit for
non-chroot builds, because it prevents a builder from enumerating
store paths (i.e. it can only access paths it knows about).
---
nix/libstore/build.cc | 17 +----------------
nix/libstore/local-store.cc | 27 +++++++++++++++------------
2 files changed, 16 insertions(+), 28 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index c99bbed..43a6dd8 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1746,22 +1746,7 @@ void DerivationGoal::startBuilder()
/* Change ownership of the temporary build directory. */
if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) ==
-1)
- throw SysError(format("cannot change ownership of `%1%'") %
tmpDir);
-
- /* Check that the Nix store has the appropriate permissions,
- i.e., owned by root and mode 1775 (sticky bit on so that
- the builder can create its output but not mess with the
- outputs of other processes). */
- struct stat st;
- if (stat(settings.nixStore.c_str(), &st) == -1)
- throw SysError(format("cannot stat `%1%'") % settings.nixStore);
- if (!(st.st_mode & S_ISVTX) ||
- ((st.st_mode & S_IRWXG) != S_IRWXG) ||
- (st.st_gid != buildUser.getGID()))
- throw Error(format(
- "builder does not have write permission to `%2%'; "
- "try `chgrp %1% %2%; chmod 1775 %2%'")
- % buildUser.getGID() % settings.nixStore);
+ throw SysError(format("cannot change ownership of '%1%'") %
tmpDir);
}
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 00effa0..64ed41c 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -251,25 +251,28 @@ LocalStore::LocalStore(bool reserveSpace)
multi-user install. */
if (getuid() == 0 && settings.buildUsersGroup != "") {
+ mode_t perm = 01737;
+
Path perUserDir = profilesDir + "/per-user";
createDirs(perUserDir);
- if (chmod(perUserDir.c_str(), 01777) == -1)
- throw SysError(format("could not set permissions on `%1%' to
1777") % perUserDir);
+ if (chmod(perUserDir.c_str(), perm) == -1)
+ throw SysError(format("could not set permissions on '%1%' to
1737") % perUserDir);
struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
if (!gr)
throw Error(format("the group `%1%' specified in
`build-users-group' does not exist")
% settings.buildUsersGroup);
-
- struct stat st;
- if (stat(settings.nixStore.c_str(), &st))
- throw SysError(format("getting attributes of path `%1%'") %
settings.nixStore);
-
- if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode &
~S_IFMT) != 01775) {
- if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
- throw SysError(format("changing ownership of path `%1%'") %
settings.nixStore);
- if (chmod(settings.nixStore.c_str(), 01775) == -1)
- throw SysError(format("changing permissions on path `%1%'") %
settings.nixStore);
+ else {
+ struct stat st;
+ if (stat(settings.nixStore.c_str(), &st))
+ throw SysError(format("getting attributes of path '%1%'") %
settings.nixStore);
+
+ if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode &
~S_IFMT) != perm) {
+ if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
+ throw SysError(format("changing ownership of path '%1%'")
% settings.nixStore);
+ if (chmod(settings.nixStore.c_str(), perm) == -1)
+ throw SysError(format("changing permissions on path
'%1%'") % settings.nixStore);
+ }
}
}
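Review bot: `mode_t perm = 01737;` sets the "other" bits to rwx, so once `chmod(settings.nixStore.c_str(), perm)` runs, every local user outside the build group can create entries in the store directory; the sticky bit only stops them from removing or renaming entries they do not own. The commit message describes dropping group read only, which `mode_t perm = 01735;` would express (group `-wx`, other `r-x`) without widening write access beyond the previous 01775. The same `perm` is also passed to `chmod(perUserDir.c_str(), perm)`, so the per-user profiles directory silently changes from 1777 even though the description mentions only the store; keeping `chmod(perUserDir.c_str(), 01777)` and its original message would leave that directory as it was. The enclosing `LocalStore` constructor starts and ends outside this hunk, so any later adjustment of these modes is not visible here.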