about summary refs log tree commit diff
path: root/src/libstore
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2019-10-09T16·01+0200
committerEelco Dolstra <edolstra@gmail.com>2019-10-09T21·57+0200
commit65953789bcd73f098486b0a385b4e661c0ccda19 (patch)
tree92a0208f5a4455b89f9549b802dc0f063e64711f /src/libstore
parent910b0fcc118cce3ade09f252da43fbe2436080e5 (diff)
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.

(cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/local-store.cc24
-rw-r--r--src/libstore/local-store.hh2
-rw-r--r--src/libstore/store-api.hh3
3 files changed, 25 insertions, 4 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index a2af51d0ed55..4619650dd7a3 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -74,10 +74,11 @@ LocalStore::LocalStore(const Params & params)
        multi-user install. */
     if (getuid() == 0 && settings.buildUsersGroup != "") {
 
-        Path perUserDir = profilesDir + "/per-user";
-        createDirs(perUserDir);
-        if (chmod(perUserDir.c_str(), 01777) == -1)
-            throw SysError(format("could not set permissions on '%1%' to 1777") % perUserDir);
+        for (auto & perUserDir : {profilesDir + "/per-user", gcRootsDir + "/per-user"}) {
+            createDirs(perUserDir);
+            if (chmod(perUserDir.c_str(), 0755) == -1)
+                throw SysError("could not set permissions on '%s' to 755", perUserDir);
+        }
 
         mode_t perm = 01775;
 
@@ -1433,4 +1434,19 @@ void LocalStore::signPathInfo(ValidPathInfo & info)
 }
 
 
+void LocalStore::createUser(const std::string & userName, uid_t userId)
+{
+    for (auto & dir : {
+        fmt("%s/profiles/per-user/%s", stateDir, userName),
+        fmt("%s/gcroots/per-user/%s", stateDir, userName)
+    }) {
+        createDirs(dir);
+        if (chmod(dir.c_str(), 0700) == -1)
+            throw SysError("changing permissions of directory '%s'", dir);
+        if (chown(dir.c_str(), userId, -1) == -1)
+            throw SysError("changing owner of directory '%s'", dir);
+    }
+}
+
+
 }
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 3ae34c4035c4..379a06af87de 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -293,6 +293,8 @@ private:
 
     Path getRealStoreDir() override { return realStoreDir; }
 
+    void createUser(const std::string & userName, uid_t userId) override;
+
     friend class DerivationGoal;
     friend class SubstitutionGoal;
 };
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index 7fb568602091..ba8990755675 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -628,6 +628,9 @@ public:
         return storePath;
     }
 
+    virtual void createUser(const std::string & userName, uid_t userId)
+    { }
+
 protected:
 
     Stats stats;