about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <e.dolstra@tudelft.nl>2011-07-20T12·15+0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2011-07-20T12·15+0000
commitd2bfe1b071d0d71bb981535a53e9c5de43aaac81 (patch)
treeebf46ffb027950c453f25588204b98b7bbc58c2b
parent4bdb51e621e2690e561b7581d5670af08e7b3170 (diff)
* Added a test that make sure that users cannot register
  specially-crafted derivations that produce output paths belonging to
  other derivations.  This could be used to inject malware into the
  store.

-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/secure-drv-outputs.nix23
-rw-r--r--tests/secure-drv-outputs.sh37
3 files changed, 62 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d383bce248ea..956015be99a6 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -8,7 +8,7 @@ TESTS = init.sh hash.sh lang.sh add.sh simple.sh dependencies.sh \
   referrers.sh user-envs.sh logging.sh nix-build.sh misc.sh fixed.sh \
   gc-runtime.sh install-package.sh check-refs.sh filter-source.sh \
   remote-store.sh export.sh export-graph.sh negative-caching.sh \
-  binary-patching.sh timeout.sh
+  binary-patching.sh timeout.sh secure-drv-outputs.sh
 
 XFAIL_TESTS =
 
@@ -34,5 +34,6 @@ EXTRA_DIST = $(TESTS) \
   negative-caching.nix \
   binary-patching.nix \
   timeout.nix timeout.builder.sh \
+  secure-drv-outputs.nix \
   $(wildcard lang/*.nix) $(wildcard lang/*.exp) $(wildcard lang/*.exp.xml) $(wildcard lang/*.flags) \
   common.sh.in
diff --git a/tests/secure-drv-outputs.nix b/tests/secure-drv-outputs.nix
new file mode 100644
index 000000000000..da4012eb41c0
--- /dev/null
+++ b/tests/secure-drv-outputs.nix
@@ -0,0 +1,23 @@
+with import ./config.nix;
+
+{
+
+  good = mkDerivation {
+    name = "good";
+    builder = builtins.toFile "builder"
+      ''
+        mkdir $out
+        touch $out/good
+      '';
+  };
+
+  bad = mkDerivation {
+    name = "good";
+    builder = builtins.toFile "builder"
+      ''
+        mkdir $out
+        touch $out/bad
+      '';
+  };
+
+}
diff --git a/tests/secure-drv-outputs.sh b/tests/secure-drv-outputs.sh
new file mode 100644
index 000000000000..25dd6bfc01fe
--- /dev/null
+++ b/tests/secure-drv-outputs.sh
@@ -0,0 +1,37 @@
+# Test that users cannot register specially-crafted derivations that
+# produce output paths belonging to other derivations.  This could be
+# used to inject malware into the store.
+
+source common.sh
+
+clearStore
+clearManifests
+
+startDaemon
+
+# Determine the output path of the "good" derivation.
+goodOut=$($nixstore -q $($nixinstantiate ./secure-drv-outputs.nix -A good))
+
+# Instantiate the "bad" derivation.
+badDrv=$($nixinstantiate ./secure-drv-outputs.nix -A bad)
+badOut=$($nixstore -q $badDrv)
+
+# Rewrite the bad derivation to produce the output path of the good
+# derivation.
+rm -f $TEST_ROOT/bad.drv
+sed -e "s|$badOut|$goodOut|g" < $badDrv > $TEST_ROOT/bad.drv
+
+# Add the manipulated derivation to the store and build it.  This
+# should fail.
+if badDrv2=$($nixstore --add $TEST_ROOT/bad.drv); then
+    $nixstore -r "$badDrv2"
+fi
+
+# Now build the good derivation.
+goodOut2=$($nixbuild ./secure-drv-outputs.nix -A good)
+test "$goodOut" = "$goodOut2"
+
+if ! test -e "$goodOut"/good; then
+    echo "Bad derivation stole the output path of the good derivation!"
+    exit 1
+fi