38/118: Fix security hole in ‘nix-store --serve’

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

38/118: Fix security hole in ‘nix-store --serve’

From:	Ludovic Court�s
Subject:	38/118: Fix security hole in ‘nix-store --serve’
Date:	Tue, 19 May 2015 14:45:30 +0000

civodul pushed a commit to branch nix
in repository guix.

commit 2c3a8f787ba9da49feafdec4022534184e0a96a3
Author: Eelco Dolstra <address@hidden>
Date:   Thu Jul 10 11:46:01 2014 +0200

    Fix security hole in ‘nix-store --serve’
    
    Since it didn't check that the path received from the client is a
    store path, the client could dump any path in the file system.
---
 src/nix-store/nix-store.cc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index 4fee725..5bcb82f 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs)
             }
             break;
         case cmdSubstitute:
-            dumpPath(readString(in), out);
+            dumpPath(readStorePath(in), out);
             break;
         default:
             throw Error(format("unknown serve command `%1%'") % cmd);

[Prev in Thread]

Current Thread

[Next in Thread]

28/118: Only add the importNative primop if the allow-arbitrary-code-during-evaluation option is true (default false), (continued)
- 28/118: Only add the importNative primop if the allow-arbitrary-code-during-evaluation option is true (default false), Ludovic Court�s, 2015/05/19
- 30/118: allow-arbitrary-code-during-evaluation -> allow-unsafe-native-code-during-evaluation, Ludovic Court�s, 2015/05/19
- 34/118: Add builtin function ‘fromJSON’, Ludovic Court�s, 2015/05/19
- 36/118: Fix compilation error on some versions of GCC, Ludovic Court�s, 2015/05/19
- 32/118: Style fix, Ludovic Court�s, 2015/05/19
- 46/118: Fix use of sysread, Ludovic Court�s, 2015/05/19
- 33/118: Manual: html -> xhtml, Ludovic Court�s, 2015/05/19
- 45/118: nix-copy-closure -s: Do substitutions via ‘nix-store --serve’, Ludovic Court�s, 2015/05/19
- 40/118: Remove maybeVfork, Ludovic Court�s, 2015/05/19
- 50/118: Fix closure size display, Ludovic Court�s, 2015/05/19
- 38/118: Fix security hole in ‘nix-store --serve’, Ludovic Court�s <=
- 43/118: Remove tabs, Ludovic Court�s, 2015/05/19
- 35/118: Don't build on Ubuntu 10.10, Ludovic Court�s, 2015/05/19
- 44/118: nix-copy-closure: Fix --dry-run, Ludovic Court�s, 2015/05/19
- 47/118: Replace message "importing path <...>" with "exporting path <...>", Ludovic Court�s, 2015/05/19
- 37/118: Add a test for the SSH substituter, Ludovic Court�s, 2015/05/19
- 39/118: nix-copy-closure: Fix race condition, Ludovic Court�s, 2015/05/19
- 49/118: Allow $NIX_BUILD_HOOK to be relative to Nix libexec directory, Ludovic Court�s, 2015/05/19
- 52/118: Fix test, Ludovic Court�s, 2015/05/19
- 42/118: Refactoring: Move all fork handling into a higher-order function, Ludovic Court�s, 2015/05/19
- 41/118: nix-copy-closure: Restore compression and the progress viewer, Ludovic Court�s, 2015/05/19

Prev by Date: 50/118: Fix closure size display
Next by Date: 43/118: Remove tabs
Previous by thread: 50/118: Fix closure size display
Next by thread: 43/118: Remove tabs
Index(es):
- Date
- Thread