diff options
author | Guillaume Maudoux <guillaume.maudoux@uclouvain.be> | 2019-02-28T22·26+0100 |
---|---|---|
committer | Guillaume Maudoux <layus.on@gmail.com> | 2019-03-09T23·56+0100 |
commit | a17f86ce3a67dd2dab2329d7262bc4ad4e7c37ff (patch) | |
tree | 4507f21b74cbd5bb3649be5ca419a2d30aa8beb0 /src/nix-daemon/nix-daemon.cc | |
parent | 43331d634498154f6a1835c8c417dd07eaefd45d (diff) |
Obfuscate memory roots for non-root users
Diffstat (limited to 'src/nix-daemon/nix-daemon.cc')
-rw-r--r-- | src/nix-daemon/nix-daemon.cc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 8368c3266142..faa23b268628 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -478,8 +478,15 @@ static void performOp(TunnelLogger * logger, ref<Store> store, Roots roots = store->findRoots(); logger->stopWork(); to << roots.size(); - for (auto & i : roots) - to << i.first << i.second; + int n = 0; + for (auto & i : roots) { + // Obfuscate 'memory' roots as they exposes information about other users, + if (i.first.rfind("{memory:", 0) == 0) { + to << fmt("{memory:%d}", n++) << i.second; + } else { + to << i.first << i.second; + } + } break; } |