diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-05-04T14·57+0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-05-04T14·57+0200 |
commit | eba840c8a13b465ace90172ff76a0db2899ab11b (patch) | |
tree | 031a4794e1b38ad6fc6d0cc94557755c0896b4fb /src/libutil/lazy.hh | |
parent | 2da6a424486e16b4b30e448a15a9b4a608df602d (diff) |
Linux sandbox: Use /build instead of /tmp as $TMPDIR
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue.
Diffstat (limited to 'src/libutil/lazy.hh')
0 files changed, 0 insertions, 0 deletions