38/376: Fix security hole in ‘nix-store --serve’

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

38/376: Fix security hole in ‘nix-store --serve’

From:	Ludovic Court�s
Subject:	38/376: Fix security hole in ‘nix-store --serve’
Date:	Wed, 28 Jan 2015 22:03:53 +0000

civodul pushed a commit to tag 1.8
in repository guix.

commit 2c3a8f787ba9da49feafdec4022534184e0a96a3
Author: Eelco Dolstra <address@hidden>
Date:   Thu Jul 10 11:46:01 2014 +0200

    Fix security hole in ‘nix-store --serve’
    
    Since it didn't check that the path received from the client is a
    store path, the client could dump any path in the file system.
---
 src/nix-store/nix-store.cc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index 4fee725..5bcb82f 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs)
             }
             break;
         case cmdSubstitute:
-            dumpPath(readString(in), out);
+            dumpPath(readStorePath(in), out);
             break;
         default:
             throw Error(format("unknown serve command `%1%'") % cmd);

[Prev in Thread]

Current Thread

[Next in Thread]

29/376: Merge branch 'shlevy-import-native', (continued)
- 29/376: Merge branch 'shlevy-import-native', Ludovic Court�s, 2015/01/28
- 20/376: == operator: Ignore string context, Ludovic Court�s, 2015/01/28
- 30/376: allow-arbitrary-code-during-evaluation -> allow-unsafe-native-code-during-evaluation, Ludovic Court�s, 2015/01/28
- 32/376: Style fix, Ludovic Court�s, 2015/01/28
- 24/376: Drop ImportError and FindError, Ludovic Court�s, 2015/01/28
- 31/376: Add `--json` argument to `nix-instantiate`, Ludovic Court�s, 2015/01/28
- 33/376: Manual: html -> xhtml, Ludovic Court�s, 2015/01/28
- 25/376: Fix bogus warnings about dumping large paths, Ludovic Court�s, 2015/01/28
- 36/376: Fix compilation error on some versions of GCC, Ludovic Court�s, 2015/01/28
- 37/376: Add a test for the SSH substituter, Ludovic Court�s, 2015/01/28
- 38/376: Fix security hole in ‘nix-store --serve’, Ludovic Court�s <=
- 35/376: Don't build on Ubuntu 10.10, Ludovic Court�s, 2015/01/28
- 34/376: Add builtin function ‘fromJSON’, Ludovic Court�s, 2015/01/28
- 41/376: nix-copy-closure: Restore compression and the progress viewer, Ludovic Court�s, 2015/01/28
- 40/376: Remove maybeVfork, Ludovic Court�s, 2015/01/28
- 39/376: nix-copy-closure: Fix race condition, Ludovic Court�s, 2015/01/28
- 23/376: findFile: Realise the context of the path attributes, Ludovic Court�s, 2015/01/28
- 44/376: nix-copy-closure: Fix --dry-run, Ludovic Court�s, 2015/01/28
- 46/376: Fix use of sysread, Ludovic Court�s, 2015/01/28
- 45/376: nix-copy-closure -s: Do substitutions via ‘nix-store --serve’, Ludovic Court�s, 2015/01/28
- 48/376: Fix broken Pid constructor, Ludovic Court�s, 2015/01/28

Prev by Date: 37/376: Add a test for the SSH substituter
Next by Date: 35/376: Don't build on Ubuntu 10.10
Previous by thread: 37/376: Add a test for the SSH substituter
Next by thread: 35/376: Don't build on Ubuntu 10.10
Index(es):
- Date
- Thread