diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-06-02T00·21+0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-06-02T00·21+0200 |
commit | d8ddf994e70f97994e0f1fbd382df93cd071b90f (patch) | |
tree | 34b8e835326a5de66d45a8eac6a50a33ae694c92 /src/nix-daemon/nix-daemon.cc | |
parent | 7106bb061149c70c30fb56aaa3530e5f9218ef92 (diff) |
Don't let unprivileged users repair paths
Diffstat (limited to 'src/nix-daemon/nix-daemon.cc')
-rw-r--r-- | src/nix-daemon/nix-daemon.cc | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index b3552a972f8d..ad8b0d133d82 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -520,13 +520,15 @@ static void performOp(bool trusted, unsigned int clientVersion, break; case wopVerifyStore: { - bool checkContents = readInt(from) != 0; - bool repair = readInt(from) != 0; - startWork(); - bool errors = store->verifyStore(checkContents, repair); - stopWork(); - writeInt(errors, to); - break; + bool checkContents = readInt(from) != 0; + bool repair = readInt(from) != 0; + startWork(); + if (repair && !trusted) + throw Error("you are not privileged to repair paths"); + bool errors = store->verifyStore(checkContents, repair); + stopWork(); + writeInt(errors, to); + break; } default: |