* When NIX_REMOTE is set to "slave", fork off nix-worker in slave

mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.
author: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-11-30T19·54+0000
committer: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-11-30T19·54+0000
commit: 765bdfe542d3250329dea98b69db2271419f31b6 (patch)
tree: 3eba766da3d72f36b5ea417b79e0dc275b954135 /src/libutil
parent: 40b3f64b55f98e03b3173541b8d94cd924099223 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/libutil/serialise.hh b/src/libutil/serialise.hh
index 459a693ee838..6be10b5528db 100644
--- a/src/libutil/serialise.hh
+++ b/src/libutil/serialise.hh
@@ -33,6 +33,11 @@ struct FdSink : Sink
 {
     int fd;
 
+    FdSink()
+    {
+        fd = 0;
+    }
+    
     FdSink(int fd) 
     {
         this->fd = fd;
@@ -47,6 +52,11 @@ struct FdSource : Source
 {
     int fd;
 
+    FdSource()
+    {
+        fd = 0;
+    }
+    
     FdSource(int fd) 
     {
         this->fd = fd;
author	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-11-30T19·54+0000
committer	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-11-30T19·54+0000
commit	765bdfe542d3250329dea98b69db2271419f31b6 (patch)
tree	3eba766da3d72f36b5ea417b79e0dc275b954135 /src/libutil
parent	40b3f64b55f98e03b3173541b8d94cd924099223 (diff)