diff options
| author | Graham Christensen <graham@grahamc.com> | 2019-05-11T19·57-0400 |
|---|---|---|
| committer | Graham Christensen <graham@grahamc.com> | 2019-05-12T17·17-0400 |
| commit | dde8eeb39ae9fb73011462c74e5fa6405e432147 (patch) | |
| tree | 87d22182a034b9c986e03031093c353c9783fa51 | |
| parent | 6df61db0600ca73ccd51e3e5bec5312a04e99da1 (diff) | |
chdir, setgroups
| -rw-r--r-- | src/libstore/build.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index f38d2eaa0cde..8397cd0d1dd7 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -466,8 +466,12 @@ void handleDiffHook(bool allowVfork, uid_t uid, uid_t gid, Path tryA, Path tryB, auto diffHook = settings.diffHook; if (diffHook != "" && settings.runDiffHook) { auto wrapper = [&]() { + if (chdir("/") == -1) + throw SysError("chdir / failed"); if (setgid(gid) == -1) throw SysError("setgid failed"); + if (setgroups(0, 0) == -1) + throw SysError("setgroups failed"); if (setuid(uid) == -1) throw SysError("setuid failed"); |