authorShea Levy <shea@shealevy.com>2015-01-13T14·40-0500
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-01-13T14·41+0100
commit79ca5033329053caa364bb2f7e50953f859cc97f (patch)
treed75f7d1fe3d18de2b5616636d0474e81238aedc7
parentfcf57aad27d0785df18015d0f115fa09c7577ed3 (diff)
Allow using /bin and /usr/bin as impure prefixes on non-darwin by default
These directories are generally world-readable anyway, and give us the two
most common linux impurities (env and sh)
-rw-r--r--src/libstore/build.cc2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 575777c8a5ee..5285d39df2d6 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -56,7 +56,7 @@
     #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library/Frameworks /usr/lib /dev /bin/sh"
 #else
     #define SANDBOX_ENABLED 0
-    #define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
+    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"
 #endif
 
 #if CHROOT_ENABLED
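Review bot: The added default on the `#else` branch is written as two adjacent string literals, `"/bin" "/usr/bin"`, which the compiler concatenates into the single string `"/bin/usr/bin"`, so neither `/bin` nor `/usr/bin` ends up in the list. The darwin default a few lines above is one space-separated string, so the intended form is presumably `#define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin /usr/bin"`. Since the commit message names only `env` and `sh` as the impurities wanted, listing `/bin/sh /usr/bin/env` rather than the whole directories would keep the default allowance narrower, the way the darwin list names `/bin/sh` and not `/bin`. The enclosing `#if` starts outside the hunk and the code that parses this macro is not visible here, so the separator convention should be confirmed against it.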