* Security: make sure the lock files used by build-remote.pl are not

  readable to other users.  Otherwise, any user can open the lock file
  for reading and lock it, thus DoSing the remote build mechanism.

1 files changed, 5 insertions, 5 deletions

diff --git a/scripts/build-remote.pl.in b/scripts/build-remote.pl.in
index 6a65157561..8bf77df04b 100755
--- a/scripts/build-remote.pl.in
+++ b/scripts/build-remote.pl.in
@@ -1,6 +1,6 @@
 #! @perl@ -w @perlFlags@
 
-use Fcntl ':flock';
+use Fcntl qw(:DEFAULT :flock);
 use English '-no_match_vars';
 use IO::Handle;
 use Nix::Config;
@@ -56,7 +56,7 @@ sub openSlotLock {
     my ($machine, $slot) = @_;
     my $slotLockFn = "$currentLoad/" . (join '+', @{$machine->{systemTypes}}) . "-" . $machine->{hostName} . "-$slot";
     my $slotLock = new IO::Handle;
-    open $slotLock, ">>$slotLockFn" or die;
+    sysopen $slotLock, "$slotLockFn", O_RDWR|O_CREAT, 0600 or die;
     return $slotLock;
 }
 
@@ -64,7 +64,7 @@ sub openSlotLock {
 # Read the list of machines.
 my @machines;
 if (defined $conf && -e $conf) {
-    open CONF, "< $conf" or die;
+    open CONF, "<$conf" or die;
     while (<CONF>) {
         chomp;
         s/\#.*$//g;
@@ -104,7 +104,7 @@ REQ: while (1) {
     # Acquire the exclusive lock on $currentLoad/main-lock.
     mkdir $currentLoad, 0777 or die unless -d $currentLoad;
     my $mainLock = "$currentLoad/main-lock";
-    open MAINLOCK, ">>$mainLock" or die;
+    sysopen MAINLOCK, "$mainLock", O_RDWR|O_CREAT, 0600 or die;
     flock(MAINLOCK, LOCK_EX) or die;
     
     
@@ -232,7 +232,7 @@ sub removeRoots {
 # the same missing path simultaneously, causing the effective network
 # bandwidth and target disk speed to be divided by N.
 my $uploadLock = "$currentLoad/$hostName.upload-lock";
-open MAINLOCK, ">>$uploadLock" or die;
+sysopen MAINLOCK, "$uploadLock", O_RDWR|O_CREAT, 0600 or die;
 flock(MAINLOCK, LOCK_EX) or die;
 Nix::CopyClosure::copyTo($hostName, [ @sshOpts ], [ $drvPath, @inputs ], "", "", 0, 0, $maybeSign ne "");
 close MAINLOCK;