authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-02-23T13·41+0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-02-23T14·54+0100
commit15d2d3c34e454fb7795998a3a2d73010dfbdec38 (patch)
tree677224a9270e2f70112f58ab7adf8956c293e8fc /src/libexpr/eval.hh
parent47bdc52c1bf7bcec0ea1b685cf4c22b6b93be06d (diff)
Add restricted evaluation mode
If ‘--option restrict-eval true’ is given, the evaluator will throw an
exception if an attempt is made to access any file outside of the Nix
search path. This is primarily intended for Hydra, where we don't want
people doing ‘builtins.readFile ~/.ssh/id_dsa’ or stuff like that.
Diffstat (limited to 'src/libexpr/eval.hh')
-rw-r--r--src/libexpr/eval.hh6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libexpr/eval.hh b/src/libexpr/eval.hh
index f7415fb78d..bfaa4081d4 100644
--- a/src/libexpr/eval.hh
+++ b/src/libexpr/eval.hh
@@ -135,6 +135,10 @@ public:
        already exist there. */
     bool repair;
 
+    /* If set, don't allow access to files outside of the Nix search
+       path or to environment variables. */
+    bool restricted;
+
 private:
     SrcToStore srcToStore;
 
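Review bot: `restricted` is added as a plain public, mutable `bool`, so any code holding this object can clear it after construction and switch the restriction off. Since the commit message makes this flag the security boundary, consider `const bool restricted;` set once in the constructor, or a private member with a read-only accessor. The hunk does not show where it is initialised; if the constructor (outside this hunk) does not set it, the value is indeterminate. The comment also covers environment variables, which the commit description does not mention, so the two should be aligned so operators know what `restrict-eval` covers. The enclosing class starts and ends outside the hunk.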
@@ -155,6 +159,8 @@ public:
 
     void addToSearchPath(const string & s, bool warn = false);
 
+    Path checkSourcePath(const Path & path);
+
     /* Parse a Nix expression from the specified file. */
     Expr * parseExprFromFile(const Path & path);
     Expr * parseExprFromFile(const Path & path, StaticEnv & staticEnv);
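Review bot: `checkSourcePath` is declared without a comment, unlike the neighbouring `parseExprFromFile`, although restricted mode depends on its contract. The header should state what it returns and when it throws, for example `/* Return 'path' if access is permitted; in restricted mode, throw if it lies outside the Nix search path. */`, with the wording confirmed against the definition, which is not in this hunk. It should also say whether the path is canonicalised and symlinks are resolved before the comparison, because a prefix check on an unresolved path does not confine access to the search path. If the function returns a normalised path, the comment should tell callers to use the returned `Path` rather than the original argument.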