Set /nix/store permission to 1737

I.e., not readable to the nixbld group. This improves purity a bit for
non-chroot builds, because it prevents a builder from enumerating
store paths (i.e. it can only access paths it knows about).

1 files changed, 6 insertions, 4 deletions

diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 1b3538316c..57b63408d7 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -251,10 +251,12 @@ LocalStore::LocalStore(bool reserveSpace)
        multi-user install. */
     if (getuid() == 0 && settings.buildUsersGroup != "") {
 
+        mode_t perm = 01737;
+
         Path perUserDir = profilesDir + "/per-user";
         createDirs(perUserDir);
-        if (chmod(perUserDir.c_str(), 01777) == -1)
-            throw SysError(format("could not set permissions on ‘%1%’ to 1777") % perUserDir);
+        if (chmod(perUserDir.c_str(), perm) == -1)
+            throw SysError(format("could not set permissions on ‘%1%’ to 1737") % perUserDir);
 
         struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
         if (!gr)
@@ -265,10 +267,10 @@ LocalStore::LocalStore(bool reserveSpace)
             if (stat(settings.nixStore.c_str(), &st))
                 throw SysError(format("getting attributes of path ‘%1%’") % settings.nixStore);
 
-            if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != 01775) {
+            if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != perm) {
                 if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
                     throw SysError(format("changing ownership of path ‘%1%’") % settings.nixStore);
-                if (chmod(settings.nixStore.c_str(), 01775) == -1)
+                if (chmod(settings.nixStore.c_str(), perm) == -1)
                     throw SysError(format("changing permissions on path ‘%1%’") % settings.nixStore);
             }
         }