authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-01-13T10·16+0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-01-13T10·16+0100
commit100961e370db16979267b56acf73dd4523be9cd2 (patch)
tree357607682257fb4785d1c48b28817954e4b626fa /src/libstore
parentf1151a3373c1df77255cb63a01daf29fd093d690 (diff)
Don't resolve symlinks while checking __impureHostDeps
Since these come from untrusted users, we shouldn't do any I/O on them
before we've checked that they're in an allowed prefix.
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 2bd0d20306..280fd6f6e8 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1784,10 +1784,13 @@ void DerivationGoal::startBuilder()
 
         for (auto & i : impurePaths) {
             bool found = false;
-            Path canonI = canonPath(i, true);
+            /* Note: we're not resolving symlinks here to prevent
+               giving a non-root user info about inaccessible
+               files. */
+            Path canonI = canonPath(i);
             /* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */
             for (auto & a : allowedPaths) {
-                Path canonA = canonPath(a, true);
+                Path canonA = canonPath(a);
                 if (canonI == canonA || isInDir(canonI, canonA)) {
                     found = true;
                     break;
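Review bot: With `canonPath(i)` and `canonPath(a)` both called without symlink resolution, the `canonI == canonA || isInDir(canonI, canonA)` test is now purely lexical, so an entry that sits textually under an allowed prefix is accepted even if one of its components is a symlink leading elsewhere. Whether that matters depends on how an accepted path is used after the loop, which is outside this hunk (startBuilder begins and ends beyond it); if later code follows the path with the daemon's privileges, the prefix guarantee would not hold for the resolved target. I would extend the new comment to record that, e.g. `The check below is therefore lexical only; do not resolve or stat an accepted path later without re-checking it.` Separately, `canonPath(a)` does not depend on `i` and could be computed once before the outer loop instead of on every inner iteration.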