diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-10-17T17·43+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-10-17T17·43+0000 |
commit | 13b089c890bac229e7c3accfd9299f3fdac95e27 (patch) | |
tree | 131ac13bdc53c37b0b33f8d51e3ae0a02c846ccb | |
parent | f1b3a418fa86e3204c47d4b33873b57a19e9f47c (diff) |
* Also kill all processes of the build user after the build. This is
critical to prevent certain kinds of 0wnage.
-rw-r--r-- | src/libstore/build.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index f0b136d06132..8da1e9946fd7 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -676,6 +676,14 @@ void DerivationGoal::buildDone() /* So the child is gone now. */ worker.childTerminated(savedPid); + /* When running under a build user, make sure that all processes + running under that uid are gone. This is to prevent a + malicious user from leaving behind a process that keeps files + open and modifies them after they have been chown'ed to + root. */ + if (buildUser != 0) + killUser(buildUser); + /* Close the read side of the logger pipe. */ logPipe.readSide.close(); |