about summary refs log tree commit diff
path: root/src/libmain
diff options
context:
space:
mode:
authorEelco Dolstra <e.dolstra@tudelft.nl>2005-10-17T15·33+0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2005-10-17T15·33+0000
commit32282abceaebbe574fa83c074aa8dbff19f937bb (patch)
tree103144b0cf817ff3bec12f1a1ab897dfe7faf344 /src/libmain
parent15ff877438a57936d620622cee8fb98cea607d08 (diff)
* Beginning of secure multi-user Nix stores. If Nix is started as
  root (or setuid root), then builds will be performed under one of
  the users listed in the `build-users' configuration variables.  This
  is to make it impossible to influence build results externally,
  allowing locally built derivations to be shared safely between
  users (see ASE-2005 paper).

  To do: only one builder should be active per build user.

Diffstat (limited to 'src/libmain')
-rw-r--r--src/libmain/shared.cc5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc
index 0a6ebcd5c225..bc7b2dd51fef 100644
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@@ -334,6 +334,11 @@ void switchToNixUser()
         exit(1);
     }
 
+    /* !!! for setuid operation, we should: 1) wipe the environment;
+       2) verify file descriptors 0, 1, 2; 3) etc.
+       See: http://www.daemon-systems.org/man/setuid.7.html
+    */
+
     haveSwitched = true;
     
 #endif