author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-10-17T15·33+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-10-17T15·33+0000 |
commit | 32282abceaebbe574fa83c074aa8dbff19f937bb (patch) | |
tree | 103144b0cf817ff3bec12f1a1ab897dfe7faf344 /src/libmain | |
parent | 15ff877438a57936d620622cee8fb98cea607d08 (diff) |
* Beginning of secure multi-user Nix stores. If Nix is started as root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
Diffstat (limited to 'src/libmain')
-rw-r--r-- | src/libmain/shared.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index 0a6ebcd5c225..bc7b2dd51fef 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -334,6 +334,11 @@ void switchToNixUser() exit(1); } + /* !!! for setuid operation, we should: 1) wipe the environment; + 2) verify file descriptors 0, 1, 2; 3) etc. + See: http://www.daemon-systems.org/man/setuid.7.html + */ + haveSwitched = true; #endif |
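Review bot: The hardening steps for setuid operation are only recorded as a `/* !!! ... */` comment placed directly before `haveSwitched = true;` in switchToNixUser(), so the function still marks the switch as complete with the caller's environment intact and descriptors 0, 1 and 2 unchecked. Since the commit message says Nix may be started setuid root, I would either do both steps before `haveSwitched = true;` or make the setuid path fail (as the `exit(1);` branch above does) until they are implemented, so the gap cannot be reached in a setuid install. The "3) etc." item is also too open-ended to act on: please list the remaining checks from the referenced setuid(7) page explicitly in the comment so that a later change can be reviewed against a concrete list.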