author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-10-17T16·59+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-10-17T16·59+0000 |
commit | 439823ae803444052442ad6ceb7191ba22cbc4cf (patch) | |
tree | 5a99fbaea5aa4c453e8806fa96ff18629dd36cff /src/libstore | |
parent | 7ef574e5d0568a27a3f30b68af6d0a744aff90ff (diff) |
* Check that the build result is owned by the build user, and that
nobody else has write permission to the build result. This catches most hack attempts.
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/build.cc | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index e0a7c6689742..47d0979213ba 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1194,6 +1194,10 @@ void DerivationGoal::computeClosure()
% drvPath % path); } + struct stat st; + if (lstat(path.c_str(), &st)) + throw SysError(format("getting attributes of path `%1%'") % path); + startNest(nest, lvlTalkative, format("scanning for references inside `%1%'") % path);
@@ -1214,8 +1218,6 @@ void DerivationGoal::computeClosure()
/* The output path should be a regular file without execute permission. */ struct stat st; - if (lstat(path.c_str(), &st)) - throw SysError(format("getting attributes of path `%1%'") % path); if (!S_ISREG(st.st_mode) || (st.st_mode & S_IXUSR) != 0) throw Error( format("output path `%1% should be a non-executable regular file")
@@ -1234,6 +1236,15 @@ void DerivationGoal::computeClosure()
% path % algo % printHash(h) % printHash(h2)); } + /* Check that the output is not group or world writable, as + that means that someone else can have interfered with the + build. Also, the output should be owned by the build + user. */ + if ((st.st_mode & (S_IWGRP | S_IWOTH)) || + (buildUser != 0 && st.st_uid != buildUser)) + throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path); + + /* Get rid of all weird permissions. */ canonicalisePathMetaData(path); /* For this output path, find the references to other paths contained |
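Review bot: The `struct stat st;` declaration that stays as a context line in the second hunk, just before `if (!S_ISREG(st.st_mode) || ...`, is no longer filled in, because the `lstat()` call that followed it is removed and now runs on the new declaration added in the first hunk. If this code sits in a nested block, as the closing brace at the start of the third hunk suggests, the inner `st` shadows the outer one and the regular-file / non-executable check reads an uninitialised struct; if it is in the same scope, the second declaration does not compile. Drop the inner `struct stat st;` so the check uses the result of the earlier `lstat()`. The enclosing block starts and ends outside the hunk.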
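Review bot: The permission test in the third hunk, `st.st_mode & (S_IWGRP | S_IWOTH)`, is applied to the result of `lstat()`, so an output path that is itself a symbolic link is judged by the link's own mode bits, which Linux reports as `0777`; such an output would always be rejected as suspicious. Guard the mode test and leave the owner test as it is: `if ((!S_ISLNK(st.st_mode) && (st.st_mode & (S_IWGRP | S_IWOTH))) ||`. Only the top-level inode is examined here, so for a directory output the entries below it are not covered by this check, and the visible lines do not show whether `canonicalisePathMetaData()` handles them; the comment should say which it is. The comment should also state that the ownership test is skipped when `buildUser` is 0.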