diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2011-07-20T12·15+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2011-07-20T12·15+0000 |
commit | d2bfe1b071d0d71bb981535a53e9c5de43aaac81 (patch) | |
tree | ebf46ffb027950c453f25588204b98b7bbc58c2b | |
parent | 4bdb51e621e2690e561b7581d5670af08e7b3170 (diff) |
* Added a test that make sure that users cannot register
specially-crafted derivations that produce output paths belonging to other derivations. This could be used to inject malware into the store.
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/secure-drv-outputs.nix | 23 | ||||
-rw-r--r-- | tests/secure-drv-outputs.sh | 37 |
3 files changed, 62 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index d383bce248ea..956015be99a6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -8,7 +8,7 @@ TESTS = init.sh hash.sh lang.sh add.sh simple.sh dependencies.sh \ referrers.sh user-envs.sh logging.sh nix-build.sh misc.sh fixed.sh \ gc-runtime.sh install-package.sh check-refs.sh filter-source.sh \ remote-store.sh export.sh export-graph.sh negative-caching.sh \ - binary-patching.sh timeout.sh + binary-patching.sh timeout.sh secure-drv-outputs.sh XFAIL_TESTS = @@ -34,5 +34,6 @@ EXTRA_DIST = $(TESTS) \ negative-caching.nix \ binary-patching.nix \ timeout.nix timeout.builder.sh \ + secure-drv-outputs.nix \ $(wildcard lang/*.nix) $(wildcard lang/*.exp) $(wildcard lang/*.exp.xml) $(wildcard lang/*.flags) \ common.sh.in diff --git a/tests/secure-drv-outputs.nix b/tests/secure-drv-outputs.nix new file mode 100644 index 000000000000..da4012eb41c0 --- /dev/null +++ b/tests/secure-drv-outputs.nix @@ -0,0 +1,23 @@ +with import ./config.nix; + +{ + + good = mkDerivation { + name = "good"; + builder = builtins.toFile "builder" + '' + mkdir $out + touch $out/good + ''; + }; + + bad = mkDerivation { + name = "good"; + builder = builtins.toFile "builder" + '' + mkdir $out + touch $out/bad + ''; + }; + +} diff --git a/tests/secure-drv-outputs.sh b/tests/secure-drv-outputs.sh new file mode 100644 index 000000000000..25dd6bfc01fe --- /dev/null +++ b/tests/secure-drv-outputs.sh @@ -0,0 +1,37 @@ +# Test that users cannot register specially-crafted derivations that +# produce output paths belonging to other derivations. This could be +# used to inject malware into the store. + +source common.sh + +clearStore +clearManifests + +startDaemon + +# Determine the output path of the "good" derivation. +goodOut=$($nixstore -q $($nixinstantiate ./secure-drv-outputs.nix -A good)) + +# Instantiate the "bad" derivation. +badDrv=$($nixinstantiate ./secure-drv-outputs.nix -A bad) +badOut=$($nixstore -q $badDrv) + +# Rewrite the bad derivation to produce the output path of the good +# derivation. +rm -f $TEST_ROOT/bad.drv +sed -e "s|$badOut|$goodOut|g" < $badDrv > $TEST_ROOT/bad.drv + +# Add the manipulated derivation to the store and build it. This +# should fail. +if badDrv2=$($nixstore --add $TEST_ROOT/bad.drv); then + $nixstore -r "$badDrv2" +fi + +# Now build the good derivation. +goodOut2=$($nixbuild ./secure-drv-outputs.nix -A good) +test "$goodOut" = "$goodOut2" + +if ! test -e "$goodOut"/good; then + echo "Bad derivation stole the output path of the good derivation!" + exit 1 +fi |